Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID.
Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string.
Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint
The Hacker News | #1 Trusted Cybersecurity News Site
HackerGPT 2.0 – A ChatGPT-Powered AI Tool for Ethical Hackers & Cyber Community
HackerGPT is an advanced AI tool created specifically for the cybersecurity industry, handy for individuals engaged in ethical hacking and cyber security research like bug bounty hunters.
This sophisticated assistant is at the forefront of cyber intelligence, providing an extensive collection of hacking methods, tools, and tactics. HackerGPT is not just a place for storing information; it actively assists users in navigating the intricacies of cybersecurity.
Various tools powered by ChatGPT, like OSINVGPT, PentestGPT, WormGPT, and BurpGPT, have already been created for the cyber security community, and HackerGPT is now adding to this legacy.
The Goal of HackerGPT 2.0:
This tool utilizes ChatGPT’s advanced features and specialized training data to support a range of cybersecurity activities such as network and mobile hacking. It also helps comprehend various hacking techniques without the need for unethical methods like jailbreaking.
HackerGPT provides prompt responses to user inquiries while following ethical standards. It offers support for GPT-3 and GPT-4 models, giving users access to various hacking techniques and methodologies.
The tool can be accessed through a web browser, and there are plans to create a mobile app version later on. It provides a 14-day trial with unlimited messages and quicker response times.
HackerGPT is designed to simplify the hacking process, helping cybersecurity professionals create payloads, grasp attack vectors, and convey technical results.
This AI assistant is valuable for improving security assessments and helping technical and non-technical stakeholders understand potential risks and solutions.
Recently, HackerGPT unveiled version 2.0, and the beta can be accessed here.
How HackerGPT 2.0 Works:
When you submit a question to HackerGPT, the first step is to verify your identity and handle the query limits, which vary between free and premium users.
The system searches its vast database to locate the most pertinent information for the query. Translation is utilized for non-English inquiries to enhance the effectiveness of the database search.
When a compatible match is found, it gets incorporated into the AI’s response system. The request is securely sent to OpenAI or OpenRouter for processing, guaranteeing that no personal information is included. The answer you get will vary based on the module being utilized.
HackerGPT Module: A customized version of Mixtral 8x7B with semantic search capabilities tailored to our database.
GPT-4 Turbo: The most recent innovation from OpenAI, enhanced with our specialized prompts.
Guidelines for Issues: The “Issues” section is strictly for problems directly related to the codebase. We’ve noticed an influx of non-codebase-related issues, such as feature requests or cloud provider problems. Please consult the “Help” section under the “Discussions” tab for setup-related queries. Issues not pertinent to the codebase are typically closed promptly.
Engagement in Discussions: We strongly encourage active participation in the “Discussions” tab! It’s an excellent platform for asking questions, exchanging ideas, and seeking assistance. If you have a question, others might have the same one.
Updating Process: To update your local Chatbot UI repository, navigate to the root directory in your terminal and execute:
npm run update
For hosted instances, you’ll also need to run:
npm run db-push
This will apply the latest migrations to your live database.
Setting Up Locally: To set up your own instance of Chatbot UI locally, follow these steps:
Navigate to the root directory of your local Chatbot UI repository and run:
npm install
Install Supabase & Run Locally:
Supabase is chosen for its ease of use, open-source nature, and free tier for hosted instances. It replaces local browser storage, addressing security concerns, storage limitations, and enabling multi-modal use cases.
Install Docker: Necessary for running Supabase locally. Download it for free from the official site.
Install Supabase CLI: Use Homebrew for macOS/Linux or Scoop for Windows.
Start Supabase: Execute supabase start in your terminal at the root of the Chatbot UI repository.
Fill in Secrets: Copy the .env.local.example file to .env.local and populate it with values obtained from supabase status.
Optional Local Model Installation:
For local models, follow the instructions provided for Ollama installation.
Run the App Locally:
Finally, run npm run chat in your terminal. Your local instance should now be accessible at http://localhost:3000.
Setting Up a Hosted Instance:
To deploy your Chatbot UI instance in the cloud, follow the local setup steps here. Then, create a separate repository for your hosted instance and push your code to GitHub.
Microsoft fixes Windows bug causing File Explorer freezes
Microsoft has addressed a known issue causing File Explorer to freeze on Windows 11 and Windows Server systems after viewing a file’s effective access permissions. […]
WhatsApp does not officially support WhatsApp mods, which vary in popularity. Some users are attracted to them for extra features and customization options.
However, using WhatsApp mods can expose users to security risks, as they are not subject to the same security checks as the official app.
Hackers may exploit vulnerabilities in these mods to perform spy operations, such as:
Intercept messages
Access contacts
Distribute malware
Recently, cybersecurity researchers at Securelist found that previously safe mods contained a Trojan-Spy module identified as:
Trojan-Spy.AndroidOS.CanesSpy
Technical analysis
The malicious WhatsApp mod has suspicious components, such as a broadcast receiver, that are not present in the original program. This receiver triggers a spy module when the phone is turned on or starts charging.
Suspicious app components (Source – Securelist)
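The comparison behind that finding, as an added example (not code from Securelist or the original article): diff the decoded AndroidManifest.xml of a mod against the official app's and list receivers and services that exist only in the mod, flagging those registered for power-on or charging broadcasts. Both manifests and all component names are constructed; the two standard Android intent actions are an assumption about how the triggers are registered.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the article's triggers (power-on, charging) to Android broadcasts.
TRIGGERS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.ACTION_POWER_CONNECTED",
}

def components(manifest_xml):
    """Map component name -> (tag, set of intent actions) for a decoded manifest."""
    app = ET.fromstring(manifest_xml).find("application")
    found = {}
    if app is None:
        return found
    for node in app:
        if node.tag not in ("receiver", "service"):
            continue
        name = node.get(ANDROID_NS + "name")
        actions = {a.get(ANDROID_NS + "name") for a in node.iter("action")}
        found[name] = (node.tag, actions)
    return found

def added_components(official_xml, mod_xml):
    """Return components present only in the mod, with any boot/charging triggers."""
    official, mod = components(official_xml), components(mod_xml)
    report = []
    for name in sorted(set(mod) - set(official)):
        tag, actions = mod[name]
        report.append({"name": name, "type": tag,
                       "triggers": sorted(actions & TRIGGERS)})
    return report

# Constructed sample manifests; every component name below is made up.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android"><application>'
TAIL = "</application></manifest>"
OFFICIAL = HEAD + '<service android:name="com.example.chat.SyncService"/>' + TAIL
MOD = HEAD + (
    '<service android:name="com.example.chat.SyncService"/>'
    '<service android:name="com.example.extra.UploadService"/>'
    '<receiver android:name="com.example.extra.WakeReceiver"><intent-filter>'
    '<action android:name="android.intent.action.BOOT_COMPLETED"/>'
    '<action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>'
    '</intent-filter></receiver>'
) + TAIL

if __name__ == "__main__":
    for item in added_components(OFFICIAL, MOD):
        print(item)
```

A component that appears only in the mod is a lead for manual review, not proof of a spy module; legitimate mods also add components.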
The service selects a C&C server via the Application_DM constant. It sends device info like IMEI, phone number, and more to the server.
Besides this, every five minutes, the module also shares configuration details and the victim’s data.
Once device information is uploaded, the malware requests instructions (“orders”) from the C&C at set intervals, typically one minute.
The Arabic-language communications sent to the C&C server suggested that the developer spoke Arabic.
WhatsApp Spy Mods Distribution
Spy modules in WhatsApp mods led researchers to investigate their distribution. They traced it to Telegram channels, mainly in Arabic and Azeri languages.
The largest channel had nearly two million subscribers, and analysts reported this to Telegram as a means of malware distribution.
WhatsApp spy mods distributed via Telegram (Source – Securelist)
Researchers downloaded the latest mod versions from the channels and confirmed the spy module.
They found the spyware in versions since mid-August 2023, but one channel later replaced it with a clean version around October 20.
Infected mods spread through Telegram channels and suspicious WhatsApp modification websites.
Kaspersky blocked over 340,000 attacks in over 100 countries in October, but the actual installations could be higher due to the distribution channel.
WhatsApp mods are typically found on third-party Android app stores and Telegram channels, which may lack security measures.
For data safety, always stick to official messaging apps. If you want extra features, consider using a trusted security solution to detect and block malware in mods.