Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to help write malicious software without all the pesky prohibitions on such activity enforced by ChatGPT and Google Bard, has started adding restrictions on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.”

The large language models (LLMs) made by ChatGPT parent OpenAI or Google or Microsoft all have various safety measures designed to prevent people from abusing them for nefarious purposes — such as creating malware or hate speech. In contrast, WormGPT has promoted itself as a new LLM that was created specifically for cybercrime activities.

Breach Exposes Users of Microleaves Proxy Service

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can — such as by secretly bundling it with other software.

DDoS-for-Hire Boss Gets 13 Months Jail Time

A 21-year-old Illinois man was sentenced last week to 13 months in prison for running multiple DDoS-for-hire services that launched millions of attacks over several years. This individual’s sentencing comes more than five years after KrebsOnSecurity interviewed both the defendant and his father and urged the latter to take a more active interest in his son’s online activities.

The Rise of “Bulletproof” Residential Networks

Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Most often, those connections are hacked computers, mobile phones, or home routers. But this is the story of a sprawling “bulletproof residential VPN” service that appears to have been built by acquiring chunks of Internet addresses from some of the largest ISPs and mobile data providers in the United States and abroad.

Hacking forums survive cybercrime dragnet as feds prioritize drug-market busts

It might be more difficult these days to conduct an anonymous drug deal on the dark web, but not every online criminal enterprise is feeling the pinch of international law enforcement. New research shows that as the FBI and other crime-fighting agencies have gone after dark web markets, cybercrime communities have avoided the heat. Stolen financial information, access to hacked social media accounts and malicious software tools are still widely available on forums accessible on the open web, without using the Tor anonymity software. Among those still operating are the prominent Russian-language marketplace Exploit.in, the “carding” forum Joker’s Stash and Hackforums, which offers guidance on how to become a hacker. Exploit, in particular, has gained nearly 1,000 new accounts over the past six weeks, with current membership at 44,433 user accounts as of May 13, according to research conducted by Digital Shadows exclusively for CyberScoop. The site is “fully gated,” meaning outsiders must pay $100 for […]

The post Hacking forums survive cybercrime dragnet as feds prioritize drug-market busts appeared first on CyberScoop.


Bug Bounty Hunter Ran ISP Doxing Service

A Connecticut man who’s earned “bug bounty” rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned.

Talos: Remcos software is a surveillance tool posing as legitimate software

U.S. law enforcement has been alerted to the use of the Remcos RAT in multiple global hacking campaigns, according to Cisco’s Talos Security Intelligence and Research Group. The ads say Remcos Remote Access Tool is legal IT management software. But the RAT allows a user to sneak malware by security products and then secretly surveil a targeted computer. Remcos itself is sold by a German-registered company, Breaking Security, that markets it as a legitimate way to remotely access computers. However, the software has been spotted in hacking campaigns targeting defense contractors in Turkey, news agencies, diesel equipment manufacturers, airlines and energy sector companies. “What we found here is a piece of software being used by bad guys in a lot of different places,” Cisco Talos director Craig Williams told CyberScoop. “They sell a crypter attempting to make the malware undetectable, a keylogger payload, a mass mailer to mail it out and they even have […]

The post Talos: Remcos software is a surveillance tool posing as legitimate software appeared first on CyberScoop.


LuminosityLink malware author pleads guilty

The author of the LuminosityLink malware pleaded guilty in federal court on Monday. Colton Grubbs, a 21-year-old man from Kentucky, faced up to 25 years in prison had the case gone to trial. LuminosityLink first earned a spotlight in 2015 when Proofpoint researchers looked past the benign advertisements for the product and found a “very aggressive key logger that injects its code in almost every running process on the computer.” The malware was sold for $40 as a Remote Access Tool (RAT) that, according to the product’s advertising, “allows system administrators to manage a large amount of computers concurrently.” In reality, it was malware that allowed over 6,000 customers to take over thousands of computers in 78 countries. Here was LuminosityLink’s website boasting about “powerful surveillance” capabilities: LuminosityLink was sold on HackForums, an infamous information security community that routinely features heavily in cybercrime indictments. The Mirai botnet found its way to […]

The post LuminosityLink malware author pleads guilty appeared first on CyberScoop.


‘LuminosityLink RAT’ Author Pleads Guilty

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “LuminosityLink,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.

Bot Roundup: Avalanche, Kronos, NanoCore

It’s been a busy few weeks in cybercrime news, justifying updates to a couple of cases we’ve been following closely at KrebsOnSecurity. In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there in 2016. Separately, a case that was hailed as a test of whether programmers can be held accountable for how customers use their product turned out poorly for 27-year-old programmer Taylor Huddleston, who was sentenced to almost three years in prison for making and marketing a complex spyware program.