Cyber Security Weekly Recap (20-26.March)


Redis Bug in OpenAI’s ChatGPT Service Led to User Data Exposure

OpenAI’s ChatGPT service was hit by a bug in an open source Redis client library that exposed users’ personal information and chat titles. The bug, which came to light on March 20, 2023, allowed some users to view brief descriptions of other users’ conversations, prompting OpenAI to temporarily shut down the chatbot. It originated in the redis-py library, where corrupted connections returned unexpected data from the database cache, so that information belonging to unrelated users was exposed.

While the vulnerability has been fixed, OpenAI warned that it may have had far-reaching consequences, including the exposure of payment information for 1.2% of ChatGPT Plus members between 1 and 10 a.m. PT on March 20.

The company claims it has contacted impacted users to inform them of the accidental disclosure. Redundant checks were also included to make sure the information from the Redis cache was correct for the requesting user.
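The "redundant check" described above amounts to binding each cached entry to its owner and refusing to serve it to anyone else. The following is an added example, not OpenAI's or redis-py's code: the Redis connection is replaced by a constructed in-memory stand-in whose `corrupt_next_read` flag mimics a desynchronised connection handing back the reply for a different key, so the block runs offline.

```python
import json
from typing import Optional

# Stand-in for a Redis connection (constructed for this example, not redis-py):
# `corrupt_next_read` mimics a desynchronised connection returning another key's reply.
class FlakyCache:
    def __init__(self) -> None:
        self._store: dict[str, bytes] = {}
        self.corrupt_next_read = False

    def set(self, key: str, value: bytes) -> None:
        self._store[key] = value

    def get(self, key: str) -> Optional[bytes]:
        if self.corrupt_next_read:
            self.corrupt_next_read = False
            # Hand back some other key's value, as a misaligned request/reply queue would.
            return next((v for k, v in self._store.items() if k != key), None)
        return self._store.get(key)

def cache_put(cache: FlakyCache, user_id: str, item: str, value: dict) -> None:
    # Store the owner inside the value, not only in the key: the key is exactly what
    # gets lost when a reply is attributed to the wrong request.
    record = {"owner": user_id, "data": value}
    cache.set(f"user:{user_id}:{item}", json.dumps(record).encode())

def cache_get(cache: FlakyCache, user_id: str, item: str) -> Optional[dict]:
    raw = cache.get(f"user:{user_id}:{item}")
    if raw is None:
        return None
    record = json.loads(raw)
    if record.get("owner") != user_id:
        # Another user's entry came back: treat it as a miss and let the caller
        # fall back to the database instead of serving someone else's data.
        return None
    return record["data"]

def demo() -> tuple[Optional[dict], Optional[dict]]:
    """Constructed scenario: two users, one corrupted read. Returns (corrupted, normal)."""
    cache = FlakyCache()
    cache_put(cache, "alice", "history", {"titles": ["Plan a trip"]})
    cache_put(cache, "bob", "history", {"titles": ["Tax questions"]})
    cache.corrupt_next_read = True
    corrupted = cache_get(cache, "alice", "history")  # bob's entry arrives; rejected
    normal = cache_get(cache, "alice", "history")
    return corrupted, normal

if __name__ == "__main__":
    print(demo())
```

A rejected read costs one database round trip; serving the entry would have disclosed another user's data, which is the trade the check makes.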

Fake ChatGPT Chrome Browser Extension Steals Facebook Accounts

A fake Chrome browser extension called “ChatGPT For Google” has been removed from the official Web Store by Google. The extension, which masqueraded as OpenAI’s ChatGPT service, harvested Facebook session cookies and hijacked accounts. It was propagated through malicious sponsored Google search results that redirected unsuspecting users searching for “Chat GPT-4” to fraudulent landing pages pointing to the fake add-on.

As per the information that is available, around 9,000 people installed the trojanized “ChatGPT For Google” extension between March 14, 2023, and its removal. This is the second fake ChatGPT Chrome browser extension discovered in the wild. It provides further evidence that hackers are able to rapidly adjust their operations to capitalize on the widespread use of ChatGPT by spreading malware and conducting opportunistic attacks.

Malicious Python Package Steals Data Using Unicode Tricks

A malicious Python package called onyxproxy was found on the Python Package Index (PyPI) repository. It used Unicode characters as a trick to evade detection and deploy info-stealing malware that harvested and exfiltrated credentials and other valuable data. The package was downloaded 183 times before it was taken down. It buried its malicious behavior in a setup script packed with thousands of seemingly legitimate code strings.
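The page does not spell out which Unicode trick onyxproxy used, but one that Python's identifier rules permit is writing a name with fullwidth or mathematical letters: NFKC normalisation folds them onto the ASCII identifier, so the code runs unchanged while a grep for the ASCII name misses it. The following added example (not the package's code, nor any PyPI tooling) audits a source file for such identifiers; the sample source is constructed for the demonstration.

```python
import io
import tokenize
import unicodedata
from collections import defaultdict

def audit_identifiers(source: str) -> dict[str, list[str]]:
    """Map each NFKC-normalised identifier to the non-ASCII spellings used for it.

    Python normalises identifiers with NFKC, so fullwidth or mathematical letters
    name the same variable as their ASCII counterpart while looking different in a
    diff or a grep. A setup.py has no legitimate need for such spellings.
    """
    spellings: dict[str, set[str]] = defaultdict(set)
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and not tok.string.isascii():
            spellings[unicodedata.normalize("NFKC", tok.string)].add(tok.string)
    return {name: sorted(raw) for name, raw in spellings.items()}

def report(source: str) -> list[str]:
    """Human-readable findings with code points, one line per normalised name."""
    lines = []
    for name, raws in audit_identifiers(source).items():
        forms = "; ".join(" ".join(f"U+{ord(c):04X}" for c in r) for r in raws)
        lines.append(f"{name!r} spelled with non-ASCII letters as: {forms}")
    return lines

# Constructed sample (not the real onyxproxy code): 'self' written in fullwidth
# Latin letters and in mathematical bold letters, both legal Python identifiers.
FULLWIDTH_SELF = "".join(chr(0xFF41 + ord(c) - ord("a")) for c in "self")
BOLD_SELF = "".join(chr(0x1D41A + ord(c) - ord("a")) for c in "self")
SAMPLE = f"""
import socket
{FULLWIDTH_SELF} = socket.gethostname
{BOLD_SELF} = {FULLWIDTH_SELF}()
plain_name = len({BOLD_SELF})
"""

if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Running the audit over every `.py` file in an extracted sdist before installing it turns the trick into a one-line finding; any hit in a setup script is worth a manual look.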

New Android Banking Malware Called Nexus Targets 450 Financial Apps

Nexus is a new Android banking malware that’s been adopted by several threat actors to target 450 financial applications and conduct fraud. The malware has been advertised as a subscription service to its clientele for a monthly fee of $3,000. Nexus provides all the main features needed to perform Account Takeover (ATO) attacks against banking portals and cryptocurrency services, such as credential theft and SMS interception. While the threat appears to be in its early stages of development, according to research by Italian cybersecurity firm Cleafy, there are indications that it may have been used in real-world attacks as early as June 2022.

ShellBot DDoS Malware Variants Target Poorly Managed Linux Servers

A new attack campaign deploys different variants of a malware called ShellBot to target poorly managed Linux SSH servers. According to a study by the AhnLab Security Emergency Response Center (ASEC), ShellBot is a DDoS bot malware developed in Perl that characteristically uses the IRC protocol to communicate with its command-and-control (C&C) server. It is installed on servers that have weak credentials, but only after threat actors have used scanner malware to identify systems with SSH port 22 open.

As per the information that is available, ShellBot comes with more backdoor-like capabilities to grant reverse shell access and upload arbitrary files from the compromised host. The findings come nearly three months after ShellBot was employed in attacks aimed at Linux servers that also distributed cryptocurrency miners via a shell script compiler.

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft has issued guidance to help customers discover indicators of compromise associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397, the critical flaw is a privilege escalation issue that could be exploited to steal NT LAN Manager (NTLM) hashes and stage a relay attack without requiring any user interaction.

This vulnerability was resolved by Microsoft as part of its March 2023 Patch Tuesday updates. However, before the patch was released, Russia-based threat actors had already weaponized the flaw in attacks targeting European government, transportation, energy, and military institutions.

About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
