650,000+ Malicious Domains Registered Resembling ChatGPT

Hackers abuse the ChatGPT name for malicious domains to exploit the credibility associated with the ChatGPT model, deceiving users into trusting fraudulent websites. 

Leveraging the model’s reputation enables them to trick individuals into:-

• Revealing sensitive information
• Downloading malicious content

H2 2023’s ransomware from ESET highlight isn’t typical, as it’s the “MOVEit hack” by the Russian ransomware group Cl0p, and here below, we have mentioned all the other names of Cl0p:-

• Lace Tempest
• FIN11
• TA505
• Evil Corp

This ransomware group is well-known for using ransomware in large-scale hacks; this time, their massive campaign used a zero-day vulnerability (CVE-2023-34362) in MOVEit on May 27.

Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Register for Free

The flaw, held since 2021, enabled unauthorized access, showcasing Cl0p’s evolution beyond traditional ransomware exploits. Recently, the cybersecurity researchers at ESET discovered more than 650,000 malicious domains registered resembling ChatGPT.

Massive Ransomware Attacks

The Russian ransomware group, Cl0p, hit global firms and US agencies in this attack. A notable change is that now they leak data on the open web if the ransom isn’t paid, it’s a tactic shared with the ALPHV ransomware gang.

The FBI notes ransomware evolving with multi-variant attacks like:-

• Deployment of multiple ransomware variants
• Use of wipers following data theft and encryption

In IoT, cybersecurity researchers find and disable the Mozi botnet with a discovered kill switch.

The Mozi botnet, which has been among the largest in three years, fell suddenly, prompting questions on kill switch use by developers or Chinese authorities. 

Besides this, the new threat, Android/Pandora, hits the following types of Android devices for DDoS attacks in the same landscape:-

• Smart TVs
• TV boxes
• Mobile devices

Cybersecurity researchers pinpoint the campaigns hitting ChatGPT users and numerous tries to access shady domains like-

• chapgpt

Apart from this, the threats include insecure handling of OpenAI API keys, stressing the need for key privacy protection.

Cybersecurity analysts discovered a significant surge in the use of Android spyware like “SpinOk.” H2 2023 sees a surge in three-year-old JS/Agent and persistent Magecart attacks on unpatched websites. 

Moreover, the prevention is possible with better security measures by developers and admins.

Cryptostealers surge with Lumma Stealer, a malware-as-a-service infostealer targeting crypto wallets. But, Bitcoin’s value rises without matching the increased cryptocurrency threats. 

All these evolutions in the cybersecurity landscape highlight the diverse threat tactics.