ChatGPT data leak and Gmail message theft by North Korean hackers

March 27, 2023 by Dan Virgillito

ChatGPT suffers data leak due to an open-source bug, North Korean hackers steal Gmail emails via Chrome extensions and the Nexus Android malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.

1. OpenAI says an open-source bug leaked ChatGPT user data

OpenAI has disclosed that a bug in the Redis open-source library caused the exposure of personal information of some users of its ChatGPT service. The bug allowed certain users to see the titles of other users’ conversations, prompting the temporary closure of the chatbot. OpenAI noted that the glitch originated in the redis-py client library, which corrupted connections so that they returned unexpected data from the database cache. While the issue has been resolved, the company stated that it may have exposed payment-related information of 1.2% of ChatGPT Plus subscribers.


2. North Korean hackers stealing Gmail messages via Chrome extensions

North Korean hacking group Kimsuky (aka Thallium or Velvet Chollima) is using malicious Chrome extensions to steal Gmail emails from targets, including government agencies, journalists and politicians. The group, known for targeting South Korean companies, has been expanding its operations globally. A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea has warned of Kimsuky’s use of a Chrome extension named ‘AF’, which intercepts and sends stolen email content to the attacker’s relay server. The advisory cautions that while the current campaign targets South Korea, Kimsuky’s methods can be used worldwide.


3. Procter & Gamble confirms GoAnywhere zero-day exploit

Consumer goods giant Procter & Gamble (P&G) has confirmed that it was one of many companies affected by the Fortra GoAnywhere vulnerability. The company revealed that the attackers obtained “some information” about its employees, but no customer data was affected. The disclosure followed the claim by ransomware group Cl0p that it had successfully targeted P&G along with other high-profile firms. Cl0p cited the Fortra vulnerability as being key to the campaign, with experts suggesting the gang’s openness about the issue may point to the tool being obsolete.


4. Customers of over 400 financial institutions targeted by Nexus Android malware

In a new threat to mobile banking and cryptocurrency applications, malware called “Nexus” is being used to target customers of 450 banks and cryptocurrency services globally. This Android trojan contains multiple features for account hijacking and siphoning funds out of accounts. Cleafy, an Italian cybersecurity firm, first discovered Nexus last year but identified it as a Sova variant. However, the malware has since evolved and emerged on hacking forums with new functionalities. The malware authors have launched a malware-as-a-service program for other threat actors to rent or subscribe to Nexus.


5. Emotet phishing campaign targets U.S. taxpayers with fake W-9 forms

A new phishing campaign using the notorious Emotet malware is targeting taxpayers in the U.S. The hackers are impersonating the Internal Revenue Service (IRS) and companies that taxpayers work with, using fake W-9 tax forms as bait. Emotet was previously distributed via Microsoft Word and Excel documents with malicious macros, but since Microsoft began blocking macros by default, the malware now arrives in Microsoft OneNote files with embedded scripts that perform the installation. Once Emotet is installed, it can steal victims’ emails, send spam and install other malware. The campaign is timed to coincide with the U.S. tax season.



Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news. Visit his website or say hi on Twitter.