Tuesday, February 11, 2025
OpenAI Developing Its Own Chip to Reduce Reliance on Nvidia

OpenAI, the organization behind ChatGPT and other advanced AI tools, is making significant strides in its efforts to reduce its dependency on Nvidia by developing its first in-house artificial intelligence chip.

According to the source, OpenAI is finalizing the design of its first-generation AI processor, which is expected to be sent for fabrication in the coming months at Taiwan Semiconductor Manufacturing Company (TSMC).

The process, known as “taping out,” marks a critical milestone in chip development. If all goes as planned, OpenAI aims to begin mass production in 2026.

However, there is no certainty that the chip will work flawlessly on the first attempt, as any errors could necessitate costly redesigns and additional tape-out stages.

The move to develop custom chips is seen as strategic for OpenAI, giving the company greater negotiating leverage with existing chip suppliers like Nvidia, which currently dominates the AI chip market with an 80% share.

Similar efforts by tech giants such as Microsoft and Meta have faced challenges, highlighting the complexity of custom chip design.

OpenAI’s in-house team, led by Richard Ho, has grown rapidly, doubling to 40 engineers in recent months. Ho, who previously worked on Google’s custom AI chips, is spearheading the initiative in collaboration with Broadcom.

Reports suggest that designing and deploying a high-performance chip of this magnitude could cost the company upwards of $500 million, with additional investments required for accompanying software and infrastructure.

Chip Features and Deployment

The new chip will leverage TSMC’s cutting-edge 3-nanometer fabrication process, incorporating advanced high-bandwidth memory (HBM) and a systolic array architecture—features commonly found in Nvidia’s chips.

Despite its potential, the chip’s initial deployment will likely be limited to running AI models rather than training them.

While the custom chip development is an ambitious step, it may take years for OpenAI to match the scale and sophistication of chip programs run by Google and Amazon.

Expanding such efforts would require the AI leader to significantly increase its engineering workforce.

The demand for AI chips continues to soar as generative AI models become increasingly complex.

Organizations, including OpenAI, Google, and Meta, require massive computing power to operate these models, leading to an “insatiable” need for chips. In response, companies are investing heavily in AI infrastructure.

Meta has allocated $60 billion for AI development in 2025, while Microsoft is set to spend $80 billion the same year.

OpenAI’s move to develop its silicon reflects an industry-wide trend of reducing reliance on dominant suppliers like Nvidia.

Although still in its early stages, the company’s in-house chip initiative could reshape its operational landscape, offering cost savings, competitive flexibility, and improved efficiency as it continues to push the boundaries of AI innovation.

New York Bans DeepSeek Over Potential Data Risks

New York Governor Kathy Hochul announced that the state has banned the use of the China-based AI startup DeepSeek on government-issued devices and networks.

The decision stems from escalating concerns over potential foreign surveillance and censorship risks associated with the app, which has recently gained meteoric popularity.

Governor Hochul issued a statement addressing the ban, emphasizing the importance of protecting New Yorkers from emerging cyber threats.

“Public safety is my top priority, and we’re working aggressively to protect New Yorkers from foreign and domestic threats,” she said.

Gov. Kathy Hochul’s office cited “serious concerns” about DeepSeek.

“New York will continue fighting to combat cyber threats, ensure the privacy and safety of our data, and safeguard against state-sponsored censorship.”

Concerns Over Data Collection and Censorship

DeepSeek, an AI-driven chatbot, surged to fame after its developers claimed they built an advanced AI model on a modest budget of less than $6 million, without advanced Nvidia chips controlled under U.S. export restrictions.

However, cybersecurity experts have raised red flags about the app’s potential for data collection and surveillance.

Reports suggest it gathers sensitive user data, including IP addresses, keystroke patterns, and other metadata, all of which are stored on servers in China.

This raises concerns that the Chinese Communist Party (CCP) could exploit the data for espionage or technological theft. The app has also faced allegations of censorship aligned with CCP directives.

For instance, DeepSeek reportedly avoids responding to queries about politically sensitive topics such as President Xi Jinping, the Tiananmen Square massacre, and Taiwan’s sovereignty.

Critics say the app’s behavior reflects Chinese state propaganda tactics, further heightening fears about its role in government settings.

The ban prohibits New York state employees from downloading or using DeepSeek on government-issued devices. However, the restriction does not extend to personal devices.

The move follows similar actions taken against other China-based apps in the U.S., reflecting broader concerns about data security in the face of rising global tensions.

DeepSeek, which could not be reached for comment, has also come under scrutiny for its hiring practices.

A recent report revealed that the startup employed at least four workers who were previously part of Microsoft’s controversial AI lab in China—a facility frequently criticized by U.S. lawmakers as a potential security threat.

Despite DeepSeek’s technical innovation and popularity, its ties to China and alleged alignment with CCP policies have cast a shadow over its operations.

Experts, including tech leaders Elon Musk and Scale AI’s Alexandr Wang, have speculated that the startup may have access to more advanced technologies than it admits, potentially bypassing U.S. export restrictions.

New York’s decision could set a precedent for other states, igniting broader conversations about balancing technological advancements with data privacy and national security.

Hackers Exploit Valentine’s Day Domains for Sneaky Cyber Attacks

Cybercriminals are capitalizing on the season of love to launch sneaky and deceptive cyberattacks.

According to a post shared by WhoisXML API on X, there has been a surge in the registration of Valentine’s Day-themed domains, many of which are likely being used to perpetrate phishing schemes and online fraud.

Valentine’s Day is a time when individuals are more likely to engage in online shopping, send e-cards, or use dating platforms.

This creates the perfect opportunity for hackers to exploit unsuspecting users.

By registering seemingly legitimate domains themed around love, gifts, and romance, these cybercriminals aim to lure victims into clicking on malicious links, sharing sensitive information, or making fraudulent purchases.

How the Scam Works

The recently observed tactic involves registering domains with keywords such as “valentine,” “love,” “gifts,” or “flowers.”

While some of these domains are likely legitimate, reports indicate that hackers often use them as bait in phishing attacks.

For instance, users might receive emails or ads promoting Valentine’s Day sales or romantic surprises. However, clicking these links could lead to fake websites designed to steal financial or personal information.

Phishing emails often mimic legitimate businesses, offering irresistible discounts on popular Valentine’s Day gifts such as jewelry, flowers, and chocolates.

Others may impersonate trusted dating platforms, prompting users to log into accounts that scammers have maliciously duplicated.

Cyber experts highlight the importance of vigilance during this season. Here are a few tips to protect yourself:

  1. Verify Links: Always double-check the URL of websites where you enter sensitive information. Look for signs of legitimacy, such as an HTTPS protocol or trusted security badges.
  2. Be Wary of Deals That Are Too Good to Be True: Fraudulent websites often lure users with extreme discounts or offers that sound unrealistic.
  3. Avoid Clicking on Suspicious Links: If you receive promotional emails, type the website’s address manually into your browser to avoid being redirected to malicious sites.
  4. Use Domain Monitoring Tools like DRS: Services like Domain Research Suite (DRS) by WhoisXML API allow real-time monitoring of suspicious domains, helping users stay ahead of threats.
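The keyword tactic described above and the domain-monitoring tip translate into a small triage pass over a newly registered domain feed. The script below is an added example on a constructed feed, not WhoisXML API or DRS code; the protected-brand list, the scoring weights and the single-label suffix handling are assumptions.

```python
"""Triage of a newly registered domain (NRD) feed for seasonal lure domains.
Added example on a constructed feed; not WhoisXML API or DRS code."""
from datetime import date

# Seasonal keywords from the report; "rose" also matches "roses", "gift" matches "gifts".
SEASONAL = ("valentine", "love", "gift", "flower", "rose", "romance", "sweetheart")
# Assumption: brands the monitoring team wants protected (placeholders, not real companies).
PROTECTED_BRANDS = ("exampleflorist", "examplejewelers")
# Digit/symbol substitutions often used to slip a keyword past naive string matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
FLAG_THRESHOLD = 4
TODAY = date(2025, 2, 11)  # date of the report


def registrable_label(domain: str) -> str:
    """Second-level label of a domain (assumption: single-label public suffixes only)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def score_domain(domain: str, registered: date, today: date = TODAY):
    """Return (score, reasons) for one domain; a higher score means more worth a closer look."""
    label = registrable_label(domain)
    norm = label.translate(LEET)
    score, reasons = 0, []

    keywords = [k for k in SEASONAL if k in norm]
    if keywords:
        score += min(len(keywords), 2)
        reasons.append("seasonal keywords: " + ", ".join(keywords))
        hidden = [k for k in keywords if k not in label]
        if hidden:  # keyword only appears after undoing substitutions, e.g. "va1entine"
            score += 2
            reasons.append("keyword hidden by character substitution: " + ", ".join(hidden))

    brands = [b for b in PROTECTED_BRANDS if b in norm]
    if brands:
        score += 3
        reasons.append("protected brand in label: " + ", ".join(brands))

    age_days = (today - registered).days
    if age_days <= 30:
        score += 2
        reasons.append(f"registered {age_days} days ago")
    return score, reasons


def triage(feed, today: date = TODAY, threshold: int = FLAG_THRESHOLD):
    """Score each (domain, registration date) pair; return flagged entries, highest score first."""
    flagged = []
    for domain, registered in feed:
        score, reasons = score_domain(domain, registered, today)
        if score >= threshold:
            flagged.append((domain, score, reasons))
    return sorted(flagged, key=lambda item: item[1], reverse=True)


# Constructed feed on the reserved .example TLD, standing in for a real NRD export.
SAMPLE_FEED = [
    ("va1entine-gift-sale.example", date(2025, 2, 5)),
    ("exampleflorist-love.example", date(2025, 2, 9)),
    ("lovecraft-books.example", date(2019, 6, 1)),
    ("weather-report.example", date(2025, 2, 1)),
]

if __name__ == "__main__":
    for domain, score, reasons in triage(SAMPLE_FEED):
        print(f"{domain}: score {score} -> {'; '.join(reasons)}")
```

Flagged domains are candidates for watch-listing or blocking review, not verdicts; an old domain that merely contains "love" scores too low to surface.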

While Valentine’s Day is a celebration of love and connection, it’s also an opportune time for cybercriminals to exploit unsuspecting users.

By staying vigilant and using tools to monitor suspicious activity, you can protect yourself and your loved ones from falling into cyber traps.

EARLYCROW: Detecting APT Malware Command and Control Activities Over HTTPS

Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical organizations globally.

Unlike common malware, APTs employ evasive tactics, techniques, and procedures (TTPs) to remain undetected for extended periods.

Their command-and-control (C&C) communications often mimic legitimate web traffic, making detection particularly challenging for traditional Network Intrusion Detection Systems (NIDS).

To address this challenge, researchers from Imperial College London have introduced EARLYCROW, a novel approach for detecting APT malware C&C activities over HTTP(S).

The EARLYCROW Approach

EARLYCROW is designed to identify malicious network traffic by leveraging contextual summaries derived from network packet captures (PCAP).

Overview of the PAIRFLOW workflow

Central to its methodology is the introduction of a new multipurpose network flow format called PAIRFLOW, which aggregates behavioral, statistical, and protocol-specific attributes of network traffic.

This enables the system to detect malicious patterns even in encrypted HTTPS communications.

The design of EARLYCROW is informed by a threat model that focuses on four primary cases of APT behavior:

  1. Case I: Malware with a hard-coded Fully Qualified Domain Name (FQDN) communicates with C&C servers via HTTP or HTTPS.
  2. Case II: Malware connects directly to an IP address embedded in the code, bypassing DNS resolution.
  3. Case III: Similar to Case I but uses raw TCP for subsequent communications.
  4. Case IV: Similar to Case II but relies on raw TCP instead of HTTP(S).

The system emphasizes detecting TTPs such as fallback channels, protocol impersonation, and low-profile communication patterns, which are often employed by APTs to evade detection.

Key Features of EARLYCROW

  • PAIRFLOW Format: PAIRFLOW captures detailed connection-level data, including FQDNs, URLs, user-agent strings, encryption settings, and statistical metrics like packet interarrival times and data exchange ratios.
  • Contextual Summaries: By grouping features into profiles for hosts, destinations, and URLs, EARLYCROW builds a comprehensive view of network activity.
  • Detection Versatility: The system performs well in scenarios where only encrypted HTTPS traffic is visible, achieving high accuracy without requiring payload decryption.

Overview of the EARLYCROW architecture.

EARLYCROW was evaluated using real-world datasets containing both known and unseen APT malware samples. Key findings include:

  • Achieved a macro-average F1-score of 93.02% on unseen APT samples with a False Positive Rate (FPR) of just 0.74%.
  • Demonstrated robustness in detecting evasive TTPs across different deployment scenarios, including cases where only HTTPS traffic was accessible.
  • Outperformed baseline systems by effectively leveraging novel features such as data packet exchange idle times and fallback channel detection.
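To make the threat-model cases and the PAIRFLOW attributes concrete, the following added example builds per (host, destination) summaries from constructed connection records and applies two of the checks named above: fallback channels and low-profile periodic beaconing. It is an illustration in the spirit of the paper, not the authors' code or their exact feature set; the Conn record layout and the thresholds are assumptions.

```python
"""PAIRFLOW-style pair summaries with fallback-channel and beaconing checks.
Added illustration on constructed records; not the EARLYCROW authors' code."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional


@dataclass(frozen=True)
class Conn:
    ts: float            # connection start, seconds
    host: str            # internal source host
    dst: str             # destination IP
    dport: int
    service: str         # "http", "ssl" (HTTPS) or "tcp" (raw, no recognised application protocol)
    fqdn: Optional[str]  # name used (SNI / Host header); None = hard-coded IP, no DNS (Case II/IV)
    bytes_out: int       # client -> server
    bytes_in: int        # server -> client


def pair_summaries(conns, fallback_window: float = 60.0):
    """Group connections per (host, destination) pair and summarise their behaviour."""
    by_pair = defaultdict(list)
    for c in conns:
        by_pair[(c.host, c.dst)].append(c)

    summaries = {}
    for key, flows in by_pair.items():
        flows.sort(key=lambda c: c.ts)
        gaps = [b.ts - a.ts for a, b in zip(flows, flows[1:])]
        total_out = sum(c.bytes_out for c in flows)
        total_in = sum(c.bytes_in for c in flows)
        exchanged = total_out + total_in
        avg_gap = mean(gaps) if gaps else 0.0
        # Fallback channel: an HTTP(S) attempt that got no data back, followed shortly by
        # raw TCP to the same destination (Case I/II behaviour degrading to Case III/IV).
        fallback = any(
            a.service in ("http", "ssl") and a.bytes_in == 0
            and b.service == "tcp" and 0.0 <= b.ts - a.ts <= fallback_window
            for a, b in zip(flows, flows[1:])
        )
        summaries[key] = {
            "connections": len(flows),
            "services": sorted({c.service for c in flows}),
            "hardcoded_ip": all(c.fqdn is None for c in flows),
            "mean_iat": avg_gap,
            # Coefficient of variation of inter-arrival times: near 0 means clock-like beaconing.
            # With fewer than two gaps periodicity cannot be judged, so report infinity.
            "iat_cv": (pstdev(gaps) / avg_gap) if len(gaps) >= 2 and avg_gap > 0 else float("inf"),
            "upload_ratio": (total_out / exchanged) if exchanged else 0.0,
            "fallback_channel": fallback,
        }
    return summaries


def suspicious_pairs(summaries, min_conns=4, max_cv=0.2, min_upload=0.6):
    """Flag pairs whose summary matches the low-profile C&C patterns the report describes."""
    flagged = []
    for key, s in summaries.items():
        beaconing = s["connections"] >= min_conns and s["iat_cv"] <= max_cv
        reasons = []
        if beaconing and s["upload_ratio"] >= min_upload:
            reasons.append("periodic upload-heavy beaconing")
        if beaconing and s["hardcoded_ip"]:
            reasons.append("periodic contact with hard-coded IP (no DNS name)")
        if s["fallback_channel"]:
            reasons.append("fallback from HTTP(S) to raw TCP")
        if reasons:
            flagged.append((key, reasons))
    return flagged


# Constructed records: ws-01 browses a CDN, ws-02 beacons to a bare IP, ws-03 falls back to raw TCP.
SAMPLE = (
    [Conn(t, "ws-01", "203.0.113.10", 443, "ssl", "cdn.example.net", 500, 40_000)
     for t in (0.0, 7.0, 9.5, 45.0, 51.0)]
    + [Conn(t, "ws-02", "198.51.100.7", 443, "ssl", None, 1_200, 100)
       for t in (0.0, 300.0, 600.0, 900.0, 1200.0)]
    + [Conn(10.0, "ws-03", "192.0.2.22", 80, "http", "update.example.org", 400, 0),
       Conn(15.0, "ws-03", "192.0.2.22", 8443, "tcp", None, 400, 90)]
)

if __name__ == "__main__":
    for pair, reasons in suspicious_pairs(pair_summaries(SAMPLE)):
        print(pair, "->", "; ".join(reasons))
```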

According to the research, EARLYCROW represents a significant advancement in the detection of stealthy APT campaigns.

By focusing on contextual summaries and innovative features tailored to APT TTPs, it provides security teams with an effective tool for early-stage detection of sophisticated threats.

Its ability to operate effectively in both HTTP and HTTPS environments ensures broad applicability across modern network infrastructures.

Heatmap for EARLYCROW-HTTPS

Further research could expand EARLYCROW’s capabilities to address other forms of malicious communication beyond HTTP(S), such as raw TCP or DNS tunneling.

Additionally, integrating EARLYCROW with existing Security Information and Event Management (SIEM) systems could enhance its operational utility in enterprise environments.

Enhanced IllusionCAPTCHA: Advanced Protection Against AI-Powered CAPTCHA Attacks

As AI technologies continue to evolve, traditional CAPTCHA systems face increasing vulnerabilities.

Recent studies reveal that advanced AI models, such as multimodal large language models (LLMs), can bypass many existing CAPTCHA mechanisms with alarming efficiency.

To address this challenge, researchers have introduced IllusionCAPTCHA, a groundbreaking system leveraging visual illusions to create tasks that are intuitive for humans but confounding for AI.

IllusionCAPTCHA operates under the “Human-Easy but AI-Hard” principle.

By embedding visual illusions into CAPTCHA challenges, it exploits the unique cognitive abilities of human perception while capitalizing on AI’s limitations in interpreting such discrepancies.

This approach not only enhances security against automated attacks but also improves user experience by offering simpler, more intuitive tasks for human users.

Design Innovations

The development of IllusionCAPTCHA was guided by a comprehensive empirical study evaluating the effectiveness of current CAPTCHA systems against state-of-the-art LLMs like GPT-4o and Gemini 1.5 Pro 2.0.

The findings were stark: while LLMs performed well on text-based and image-based CAPTCHAs, they struggled significantly with reasoning-based challenges.

Text-based CAPTCHA
Image-based CAPTCHA

However, these reasoning-based CAPTCHAs also posed difficulties for human users, often requiring multiple attempts to solve.

To overcome these dual challenges, IllusionCAPTCHA introduces several innovative features:

  • Illusionary Image Generation: Using advanced diffusion models, images are altered to embed visual illusions that obscure their true content from AI while remaining recognizable to humans. For instance, an image of a forest might subtly conceal a specific object or text.
  • Structured Question Design: Each CAPTCHA includes multiple-choice options carefully crafted to mislead AI models. One option describes the illusionary elements in detail—an approach that exploits AI’s tendency to overanalyze visual data.
  • Inducement Prompts: These prompts subtly guide AI attackers toward predictable errors while providing hints that assist human users in identifying the correct answer.

Evaluation Results

The effectiveness of IllusionCAPTCHA was rigorously tested through user studies and experiments with advanced LLMs.

Overview of IllusionCAPTCHA

Key findings include:

  • Human Success Rates: 86.95% of human participants successfully passed IllusionCAPTCHA on their first attempt, significantly outperforming traditional CAPTCHAs.
  • AI Deception: Both GPT-4o and Gemini 1.5 Pro 2.0 failed to solve IllusionCAPTCHA under zero-shot and chain-of-thought (CoT) prompting methodologies, achieving a 0% success rate.
  • User Experience: Unlike reasoning-based CAPTCHAs that often frustrate users, IllusionCAPTCHA’s design ensures a seamless and intuitive experience.

IllusionCAPTCHA represents a paradigm shift in online security.

By leveraging human cognitive strengths against AI weaknesses, it provides a robust defense mechanism against increasingly sophisticated automated attacks.

Its user-friendly design also addresses longstanding criticisms of traditional CAPTCHAs, which are often seen as cumbersome and inaccessible.

As cyber threats continue to evolve, systems like IllusionCAPTCHA highlight the importance of innovation in maintaining digital security.

By combining cutting-edge technology with insights into human cognition, this new approach sets a benchmark for future CAPTCHA systems in an era dominated by AI advancements.

Akira Ransomware Dominates January 2025 as the Most Active Ransomware Threat

January 2025 marked a pivotal month in the ransomware landscape, with Akira emerging as the most active and dominant threat actor.

The group was responsible for 72 attacks globally, a 60% surge compared to previous months, underscoring its aggressive expansion and technical sophistication.

Akira’s rise is emblematic of the broader evolution of ransomware operations, characterized by advanced malware tactics and targeted exploitation of critical infrastructure vulnerabilities.

Manufacturing Sector and U.S. Among Primary Targets

The Manufacturing sector bore the brunt of Akira’s attacks, reporting 75 incidents globally in January.

This trend reflects ransomware groups’ focus on industries with high-value data and operational dependencies.

The IT sector also saw a significant 60% increase in attacks, driven by its critical role in supply chain operations and data management.

Geographically, the United States remained the most targeted region, with 259 incidents, followed by Canada, the UK, France, and Germany, regions known for their robust economies and data-rich enterprises.

Technical Evolution

Akira’s operations have evolved significantly since its emergence in March 2023.

The group employs a Ransomware-as-a-Service (RaaS) model, leveraging affiliates to deploy ransomware while sharing profits with developers.

Recent campaigns utilized Python-based malware for lateral movement within networks and exploited VMware ESXi hypervisors, a critical component of virtualized infrastructures, via SSH tunneling for persistence and data encryption.

Appearance of the Onion site

Akira’s hybrid encryption scheme combines ChaCha20 for speed with RSA for secure key exchange, ensuring robust data encryption.

Additionally, its latest variant, “Akira v2,” written in Rust, targets Linux systems and VMware ESXi servers.

According to Cyfirma, this variant employs advanced obfuscation techniques, further complicating detection and analysis by security experts.

While Akira dominated January’s ransomware landscape, new groups such as MORPHEUS and Gd Lockersec also surfaced.

MORPHEUS shares a codebase with HellCat ransomware, indicating potential collaboration or shared resources.

Gd Lockersec focuses on financial gains while avoiding attacks on specific regions and non-profit organizations.

The surge in ransomware activity highlights the growing sophistication of threat actors and their ability to exploit vulnerabilities across diverse sectors.

The sharp increase in incidents from 280 victims in January 2024 to 510 in January 2025 emphasizes the escalating threat posed by ransomware groups like Akira.

This trend underscores the urgent need for organizations to adopt proactive cybersecurity measures, including regular patching, network segmentation, multi-factor authentication (MFA), and employee training to mitigate risks.

As ransomware groups continue to innovate and expand their operations globally, businesses must prioritize robust defenses to safeguard sensitive data and maintain operational resilience against this evolving cyber threat.

SolarWinds Improves Web Help Desk in Latest 12.8.5 Update

SolarWinds announced the release of Web Help Desk (WHD) version 12.8.5, unveiling a host of new features, updates, and fixes aimed at streamlining IT service management and enhancing security.

The update brings significant enhancements to the Purchase Order (PO) section, database communication, and overall usability.

Key Features and Updates

1. Improved Purchase Order Management

One of the standout new features is the addition of a Quantity and Total Cost field in the Purchase Order section.

This update enables users to effortlessly track bulk purchases. Furthermore, SolarWinds has introduced a Line Item Header with an expansion feature, which consolidates similar assets under a single header for simplicity.

For instance, 200 units of the same model (e.g., MacBook Pro) can now be grouped under one expandable header, reducing repetitive entries and streamlining asset management.

2. Real-Time Notifications for Updates

With this release, SolarWinds introduces a proactive notification system. Admins will now receive popup messages about new updates or hotfixes when logging in.

A scheduled API call will also display monthly update notification messages on both the TECH and Admin sides. This ensures admins are always up to date with the latest improvements and features.

3. Enhanced Database Security

The 12.8.5 update strengthens security measures by upgrading the cryptographic algorithms used between WHD and the database.

This improvement adds an extra layer of protection against unauthorized access, ensuring secure communication.

Admins must update their database credentials after upgrading and run a migration tool to align existing credentials with the enhanced algorithms.

4. Library Software Upgrades

SolarWinds has also upgraded several underlying components, including Tomcat, which is now updated to version 9.0.98, further improving application performance and stability.

Bug Fixes

Several outstanding issues have been addressed in this release, such as:

  • Proper sorting of request types in canned response templates (Case #01827178).
  • Successful downloading of imported PO attachments (Case #01333276).
  • Resolution of issues with the Jabsorb library in version 12.8.4.

SolarWinds advises customers to review the WHD 12.8.5 system requirements and follow the Installation and Upgrade Guide to ensure a seamless update process.

The new release also supports Windows Server 2019 and 2022 for production environments and Windows 11 for trial evaluations.

SolarWinds continues to push forward in its mission to simplify IT asset and service management. Customers can expect ongoing updates and improvements to WHD in the future.

WHD 12.8.5 solidifies SolarWinds’ position as a leader in the IT service management domain, combining innovation with robust security and user-friendly enhancements.

FinStealer Malware Targets Leading Indian Bank’s Mobile Users, Stealing Login Credentials

A new cybersecurity threat has emerged, targeting customers of a prominent Indian bank through fraudulent mobile applications.

Dubbed “FinStealer,” this malware campaign employs advanced techniques to steal sensitive financial and personal information, including banking credentials, credit card details, and other personally identifiable information (PII).

Distributed via phishing links and unofficial app stores, the malware mimics legitimate banking apps to deceive users into divulging their data.

Attack Mechanisms

The FinStealer malware leverages cutting-edge evasion techniques to bypass security systems.

These include encrypted communication with Command-and-Control (C2) servers, dynamic payload execution, and runtime behavior modifications.

Additionally, it uses XOR encryption and Telegram bots for operational complexity and data exfiltration.

The attackers also exploit vulnerabilities such as SQL injection (CVE-2011-2688) to compromise C2 servers, enabling unauthorized access to critical information like server passwords.
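Single-byte and short repeating-key XOR of the kind the report attributes to FinStealer is routinely undone during analysis. The helper below is an added example, not from Cyfirma's report: it brute-forces a one-byte key by ranking candidates on printable text and expected C2 markers, and recovers a short repeating key from a known plaintext prefix. The sample blobs are constructed in the code with placeholder Telegram values.

```python
"""Recovering XOR-obfuscated strings during malware analysis.
Added example with data constructed in this file; not from Cyfirma's FinStealer report."""
from itertools import cycle
from typing import Optional, Tuple

# Strings an analyst expects somewhere in a decoded C2 configuration.
MARKERS = (b"http", b"api.telegram.org", b".onion")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def printable_ratio(buf: bytes) -> float:
    """Share of bytes that are printable ASCII or whitespace."""
    if not buf:
        return 0.0
    printable = sum(1 for b in buf if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(buf)


def plausibility(plain: bytes) -> float:
    """Higher is more believable: printable text plus a bonus per expected marker."""
    return printable_ratio(plain) + sum(1.0 for m in MARKERS if m in plain)


def brute_single_byte(blob: bytes, min_ratio: float = 0.95) -> Optional[Tuple[int, bytes]]:
    """Try all 256 one-byte keys; return (key, plaintext) of the most plausible candidate."""
    best = None
    for k in range(256):
        plain = xor_bytes(blob, bytes([k]))
        if printable_ratio(plain) < min_ratio:
            continue  # mostly binary garbage: discard early
        sc = plausibility(plain)
        if best is None or sc > best[0]:
            best = (sc, k, plain)
    return None if best is None else (best[1], best[2])


def key_from_crib(blob: bytes, crib: bytes, key_len: int) -> Optional[Tuple[bytes, bytes]]:
    """Recover a repeating key of key_len bytes from a known plaintext prefix such as b"https://".

    XOR of ciphertext and known plaintext yields the key stream; one full period is enough.
    A wrong key_len normally fails the startswith check, so callers can loop over lengths.
    """
    if key_len <= 0 or key_len > len(crib) or len(crib) > len(blob):
        raise ValueError("crib must cover at least one full key period")
    key = xor_bytes(blob[:key_len], crib[:key_len])
    plain = xor_bytes(blob, key)
    return (key, plain) if plain.startswith(crib) else None


# Constructed sample config line with placeholder Telegram values, obfuscated here so the
# example runs offline (a real sample would come from the unpacked APK's resources).
CONFIG = b"https://api.telegram.org/bot<PLACEHOLDER_TOKEN>/sendMessage?chat_id=<PLACEHOLDER>"
BLOB_SINGLE = xor_bytes(CONFIG, b"\x5a")   # one-byte key 0x5A
BLOB_REPEAT = xor_bytes(CONFIG, b"k3y")    # three-byte repeating key

if __name__ == "__main__":
    key, plain = brute_single_byte(BLOB_SINGLE)
    print(f"single-byte key 0x{key:02x}: {plain.decode()}")
    key, plain = key_from_crib(BLOB_REPEAT, b"https://", 3)
    print(f"repeating key {key!r}: {plain.decode()}")
```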

Snapshot of C2 Server

Once installed on a victim’s device, the malware requests permissions to access SMS messages, enabling it to intercept one-time passwords (OTPs) and other sensitive communications.

This capability allows attackers to bypass multi-factor authentication (MFA) mechanisms, facilitating unauthorized transactions and identity theft.

The malware’s ability to remain undetected underscores its sophistication, posing significant risks to both individual users and financial institutions.

Impact and Threat Landscape

The primary motive behind the FinStealer campaign is financial gain through large-scale credential theft, unauthorized transactions, and the sale of stolen data on darknet forums.

The stolen information is also used for broader fraud operations, including money laundering and account exploitation.

Obfuscated Code.

Cyfirma researchers have identified the malware’s association with a malicious website hosting fake versions of the bank’s app.

This site distributes the malware via phishing campaigns disguised as advertisements or download prompts.

The campaign has exposed vulnerabilities in mobile banking infrastructure, particularly in regions with high adoption rates of digital financial services.

With approximately 50,000 users compromised in similar attacks targeting Indian banks recently, the scale of this threat highlights the urgent need for enhanced cybersecurity measures.

To counter such sophisticated threats, experts recommend a multi-layered cybersecurity approach:

  • User Awareness: Educate users about the risks of downloading apps from unofficial sources and clicking on phishing links.
  • Advanced Threat Monitoring: Deploy behavior-based endpoint protection systems capable of detecting anomalies beyond signature-based methods.
  • Vulnerability Patching: Regularly update software and patch known vulnerabilities in both mobile applications and associated servers.
  • Enhanced MFA: Transition from SMS-based OTPs to more secure authentication methods like biometrics or hardware tokens.
  • Proactive Threat Intelligence: Monitor for fake apps impersonating legitimate banking services on third-party platforms.

This incident serves as a stark reminder of the growing sophistication of cyberattacks targeting mobile banking users.

Both individuals and organizations must adopt robust security practices to safeguard sensitive data against evolving threats like FinStealer.

Evil Crow RF Tool Transforms Smartphones into Powerful RF Hacking Devices

Innovative tools are continually appearing to enhance the capabilities of professionals and enthusiasts alike.

One new entrant into the world of radio frequency (RF) tools is the Evil Crow RF V2, a compact device that transforms your smartphone into a powerful tool for RF analysis and penetration testing.

With its portable design, user-friendly features, and a broad range of functionalities, this gadget has quickly gained attention among cybersecurity professionals.

Smartphones, while immensely capable, often fall short when it comes to RF analysis and hacking.

The Evil Crow RF V2 bridges this gap by allowing users to explore wireless signals, perform penetration tests, and conduct RF signal manipulation—all on the go.

Designed by Joel Serna Moreno, this pocket-sized device operates seamlessly via a smartphone connection, eliminating the need for bulky computers or additional hardware like Raspberry Pi.

Whether you’re a pentester or a Red Team operator, this tool offers unparalleled mobility and versatility.

What Makes Evil Crow RF V2 Unique?

The Evil Crow RF V2 is designed specifically to support Sub-GHz frequencies, covering ranges such as 300MHz–348MHz, 387MHz–464MHz, 779MHz–928MHz, and even 2.4GHz.

These bands are commonly used in key fobs, garage doors, remote-controlled gates, and IoT devices, making them valuable targets for security testing.

Equipped with dual CC1101 RF modules, the device can transmit and receive signals simultaneously on different frequencies.

Additionally, the NRF24L01 module offers functionality for specific attacks, such as mousejacking.

Key Features of Evil Crow RF V2:

  • Signal Reception and Transmission: Capture and replay RF signals.
  • Replay Attacks: Send back signals at the right frequency to mimic legitimate devices.
  • Jamming and Brute Forcing: Intercept or disrupt signals effectively.
  • Mousejacking and Rolljam Attacks: Exploit vulnerabilities in wireless peripherals and rolling code systems.
  • Portability: Operates with your smartphone, removing the need for bulky external setups.

The device is open-source, meaning its functionalities can be extended by custom firmware.

A prime example is the custom firmware by h-RAT, which adds compatibility with popular tools like the Flipper Zero and unlocks advanced capabilities for signal manipulation.

How to Operate the Device

The Evil Crow RF V2 connects to your smartphone through a Wi-Fi access point it creates, providing a sleek user interface via a browser or smartphone app.

It operates on battery power or can draw power directly from the phone via an OTG (On-The-Go) adapter, making the entire setup highly mobile. Its compact size ensures it can discreetly fit into a pocket, while customizable hardware buttons allow users to assign specific tasks, like replaying any signal with a single press.

How Does It Compare to Alternatives?

The Evil Crow RF V2 holds its own against established RF tools but shines for its portability and affordability. Here are some comparisons:

  • Flipper Zero: A multi-tool covering RF, NFC, IR, and RFID functionalities. While feature-rich, it costs significantly more and often requires additional modules for full Sub-GHz coverage, unlike the Evil Crow RF.
  • Yard Stick One: Known for its simplicity and effectiveness, the Yard Stick One lacks the dual-module setup and flexibility of the Evil Crow RF V2.
  • Software-Defined Radios (SDR): These devices, like the HackRF or LimeSDR, offer broader frequency ranges but are bulkier and costlier, making them less practical for on-the-go RF hacking.

Assembled Part

The Evil Crow RF V2 is not an SDR but focuses on Sub-GHz signal manipulation, making it highly efficient for specific wireless penetration testing tasks.

According to the Mobile Hacker post, the Evil Crow RF V2 is designed for security testing, making it a favorite among professional pentesters, ethical hackers, and cybersecurity enthusiasts.

Assembled with RF tool

Responsibilities come with its power, and users must comply with ethical guidelines and local laws to avoid misuse. While it is a powerful tool for identifying and patching vulnerabilities, unauthorized activities are illegal and unethical.

The Evil Crow RF V2 is an affordable and portable RF hacking tool that brings advanced functionality to your smartphone.

By combining compact design with ease of use, the device offers impressive capabilities for tasks ranging from replay attacks to RF signal analysis.

For cybersecurity professionals seeking an effective yet budget-friendly RF analysis solution, the Evil Crow RF V2 is undoubtedly worth exploring. Whether for research, testing, or education, it is a groundbreaking addition to any professional’s toolkit.


Massive Facebook Phishing Attack Targets Hundreds of Companies for Credential Theft


A newly discovered phishing campaign targeting Facebook users has been identified by researchers at Check Point Software Technologies.

The attack, which began in late December 2024, has already reached more than 12,279 email addresses and impacted hundreds of companies globally.

The campaign trades on Facebook's position as the most widely used social network and borrows the platform's branding to trick victims into handing over their credentials.

The phishing emails, sent primarily to enterprises in the European Union (45.5%), the United States (45.0%), and Australia (9.5%), falsely claim that the recipient’s recent activity may have violated copyright laws.

Versions of the phishing emails have also been observed in Chinese and Arabic, indicating a broad geographic target range.

Exploiting Salesforce’s Mailing Service for Credibility

The attackers utilize Salesforce’s automated mailing service to distribute the phishing emails, taking advantage of its legitimate infrastructure without breaching its security systems.

Chinese-language sample email

Because the messages genuinely originate from Salesforce's mail servers, they carry noreply@salesforce.com as the sender and pass the sender-authentication checks keyed to that domain; the emails therefore look credible and slip past many email filters.

The messages include counterfeit Facebook logos and alarming language about copyright infringement, urging recipients to take immediate action.

Victims who click on the embedded links are redirected to a fraudulent Facebook support page designed to harvest their credentials.

The landing page mimics official Facebook interfaces and pressures users to provide login details under the guise of account review processes.
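Since the sending infrastructure is legitimate, the detectable signal is the mismatch between the brand the message impersonates, the domain it was sent from, and the domains its links resolve to. The following is an added example, not code from the article or from Check Point's report: a small triage rule that parses a message with Python's standard `email` module and scores exactly that pattern. The two messages are constructed samples, the allowlist of Facebook sending domains is an assumption, and hosts under `.example` are placeholders rather than real indicators.

```python
"""Added example, not code from the article or from Check Point's report: a
triage rule for the brand-mismatch pattern described above. Messages below
are constructed samples; hosts under .example are placeholders, not real IOCs."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import Dict, List
from urllib.parse import urlparse

# Assumed allowlist: domains Facebook legitimately sends notifications from and links to.
FACEBOOK_DOMAINS = {"facebook.com", "facebookmail.com", "fb.com", "meta.com"}

BRAND_RE = re.compile(r"\b(facebook|meta)\b", re.I)
PRESSURE_RE = re.compile(r"copyright|infring|violat|suspend|within \d+ hours|immediately", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def _registered(host: str) -> str:
    """Crude eTLD+1 (last two labels); good enough for the domains in these samples."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _text_body(msg: Message) -> str:
    """Concatenate every text/plain part (walk() yields the message itself when not multipart)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def triage(raw: str) -> Dict[str, object]:
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = _registered(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    body = _text_body(msg)
    text = "\n".join([display, msg.get("Subject", ""), body])

    link_domains: List[str] = [
        _registered(urlparse(u.rstrip(".,);")).hostname or "") for u in URL_RE.findall(body)
    ]
    claims_brand = bool(BRAND_RE.search(text))
    offbrand = sorted({d for d in link_domains if d not in FACEBOOK_DOMAINS})

    findings: List[str] = []
    # The mail really did leave Salesforce's servers, so SPF/DKIM for salesforce.com pass;
    # the usable signal is the gap between the impersonated brand and where the mail came from.
    if claims_brand and sender_domain not in FACEBOOK_DOMAINS:
        findings.append(f"brand mismatch: Facebook-themed mail from {sender_domain}")
    if claims_brand and offbrand:
        findings.append("off-brand links: " + ", ".join(offbrand))
    if PRESSURE_RE.search(text):
        findings.append("pressure language")

    verdict = "phishing" if len(findings) >= 2 else "review" if findings else "clean"
    return {"sender_domain": sender_domain, "link_domains": link_domains,
            "findings": findings, "verdict": verdict}


# Constructed sample modelled on the campaign's lure: Facebook display name, Salesforce sender,
# copyright pretext, link to a look-alike host that is not Facebook's.
PHISH_SAMPLE = """\
From: Facebook <noreply@salesforce.com>
To: admin@victim.example
Subject: Copyright infringement notice - action required
Content-Type: text/plain

Your recent activity on Facebook may have violated copyright laws.
Review your account within 24 hours or it will be suspended:
https://facebook-support-review.example/appeal
"""

# Constructed benign message from the same sender infrastructure, to show the rule does not
# simply flag everything that comes from salesforce.com.
BENIGN_SAMPLE = """\
From: Salesforce <noreply@salesforce.com>
To: admin@victim.example
Subject: Your scheduled report is ready
Content-Type: text/plain

Your weekly pipeline report has been generated.
View it at https://login.salesforce.com/reports
"""

if __name__ == "__main__":
    for label, sample in (("lure", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = triage(sample)
        print(f"{label}: {result['verdict']} {result['findings']}")
```

Two findings are required for a "phishing" verdict on purpose: a legitimate Facebook notice forwarded through a third-party mailer, or a CRM message that merely mentions Meta advertising, trips one rule and lands in "review" for a human to look at rather than being auto-blocked.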

Consequences for Businesses and Industries

This phishing campaign poses significant risks to businesses that rely on Facebook for advertising, customer engagement, or brand visibility.

A compromised Facebook admin account can allow attackers to manipulate content, delete posts, or lock out legitimate administrators.

Such breaches can result in reputational damage, loss of client trust, and potential legal liabilities.

According to the Check Point research report, for organizations in regulated sectors like healthcare or finance, the stakes are even higher.

Unauthorized access to sensitive data could lead to non-compliance with industry regulations, exposing businesses to fines and legal challenges.

To mitigate risks from such phishing campaigns, organizations should adopt proactive security measures.

Setting up alerts for suspicious login attempts and unusual account activity is critical.

Employee education is equally important; admins should be trained to verify account statuses directly through official channels rather than clicking on email links.

Businesses should also inform customers about legitimate communication practices to prevent further exploitation in case of account hijacking.

Additionally, maintaining an incident response plan can help recover compromised accounts swiftly while ensuring transparent communication with affected stakeholders.

This sophisticated phishing campaign underscores the importance of robust cybersecurity practices as cybercriminals continue to exploit trusted platforms like Facebook and Salesforce for malicious purposes.
