Saturday, February 8, 2025
HomeChatGPT650,000+ Malicious Domains Registered Resembling ChatGPT

650,000+ Malicious Domains Registered Resembling ChatGPT

Published on

SIEM as a Service

Follow Us on Google News

Hackers abuse the ChatGPT name for malicious domains to exploit the credibility associated with the ChatGPT model, deceiving users into trusting fraudulent websites. 

Leveraging the model’s reputation enables them to trick individuals into:-

  • Revealing sensitive information
  • Downloading malicious content

H2 2023’s ransomware from ESET highlight isn’t typical, as it’s the “MOVEit hack” by the Russian ransomware group Cl0p, and here below, we have mentioned all the other names of Cl0p:-

  • Lace Tempest
  • FIN11
  • TA505
  • Evil Corp

This ransomware group is well-known for using ransomware in large-scale hacks; this time, their massive campaign used a zero-day vulnerability (CVE-2023-34362) in MOVEit on May 27.

Document
Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

The flaw, held since 2021, enabled unauthorized access, showcasing Cl0p’s evolution beyond traditional ransomware exploits. Recently, the cybersecurity researchers at ESET discovered more than 650,000 malicious domains registered resembling ChatGPT.

Massive Ransomware Attacks

The Russian ransomware group, Cl0p, hit global firms and US agencies in this attack. A notable change is that now they leak data on the open web if the ransom isn’t paid, it’s a tactic shared with the ALPHV ransomware gang.

The FBI notes ransomware evolving with multi-variant attacks like:-

  • Deployment of multiple ransomware variants
  • Use of wipers following data theft and encryption

In IoT, cybersecurity researchers find and disable the Mozi botnet with a discovered kill switch.

The Mozi botnet, which has been among the largest in three years, fell suddenly, prompting questions on kill switch use by developers or Chinese authorities. 

Besides this, the new threat, Android/Pandora, hits the following types of Android devices for DDoS attacks in the same landscape:-

  • Smart TVs
  • TV boxes
  • Mobile devices

Cybersecurity researchers pinpoint the campaigns hitting ChatGPT users and numerous tries to access shady domains like-

  • chapgpt

Apart from this, the threats include insecure handling of OpenAI API keys, stressing the need for key privacy protection.

Cybersecurity analysts discovered a significant surge in the use of Android spyware like “SpinOk.” H2 2023 sees a surge in three-year-old JS/Agent and persistent Magecart attacks on unpatched websites. 

Moreover, the prevention is possible with better security measures by developers and admins.

Cryptostealers surge with Lumma Stealer, a malware-as-a-service infostealer targeting crypto wallets. But, Bitcoin’s value rises without matching the increased cryptocurrency threats. 

All these evolutions in the cybersecurity landscape highlight the diverse threat tactics.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...