Craig Pepper
June 26, 2023

Threat Report 26.06.23

Over 100,000 ChatGPT Accounts were Hacked and Sold

Researchers at Group-IB recently made a concerning discovery regarding the security of ChatGPT accounts. Over the 12 months leading up to May 2023, the login credentials of more than 100,000 compromised ChatGPT accounts were found being sold on dark web marketplaces. These usernames and passwords were found in the logs of information-stealing malware being traded on underground cybercrime forums.

The distribution of these AI-powered chatbot account credentials raises several worrisome issues. Firstly, as the use of OpenAI's ChatGPT in workplaces continues to grow, there is an increased risk that confidential and sensitive information could end up in unauthorised hands due to the sharing of account passwords. Moreover, there is a genuine concern that users may have reused the same password for their ChatGPT accounts as they did for other online accounts, potentially allowing hackers to exploit the compromised details to gain access to other accounts and potentially steal additional corporate data.

According to the researchers, the majority of the breached ChatGPT credentials were acquired through the use of the notorious Raccoon information-stealing malware. Cybercriminals employ this malware to extract sensitive data from victims' browsers and cryptocurrency wallets, including saved credit card details, login information, and data stored in cookies.

Malicious hackers and fraudsters had the option to purchase access to Raccoon's capabilities for as little as $200 per month. However, the arrest of the alleged developer of Raccoon, Mark Sokolovsky, in the Netherlands at the request of the FBI disrupted the malware's development. This arrest contradicted the earlier claims by the malware-as-a-service group that their leading developer had been killed during Russia's invasion of Ukraine.

Although Sokolovsky's arrest resulted in the dismantling of Raccoon's infrastructure, new versions of the malware have since emerged, now priced at $275 per month. It is estimated that by the end of 2022, approximately one million individuals had fallen victim to Raccoon, with the most common method of attack being booby-trapped emails.

Apple Rolls Out Security Updates to Address Actively Exploited Vulnerabilities in iOS, macOS, and Safari

Apple has taken swift action by releasing an urgent security update to address two previously unknown vulnerabilities (zero-days) that were exploited in a campaign called Operation Triangulation, the name given to it by Kaspersky, which discovered the incident. The vulnerabilities, identified as CVE-2023-32434 and CVE-2023-32435, were used in a zero-click attack via iMessage: simply receiving a message triggered the infection, with no user interaction required.

Simultaneously, Kaspersky published its comprehensive analysis of Operation Triangulation, shedding light on the spyware and the specific techniques employed to exploit these two 0-day vulnerabilities. The spyware demonstrated its ability to manipulate files, disrupt ongoing processes, extract credentials and certificates, and transmit geolocation data, including device coordinates, altitude, speed, and direction of movement.

Apple's prompt release of the security update aligns with Kaspersky's findings, underlining the seriousness of the vulnerabilities and the need for immediate protection against potential exploitation.

Critical Security Flaw in WordPress Plugin for WooCommerce Potentially Compromises User Accounts on Thousands of Websites

Defiant's Wordfence has issued an advisory revealing a critical security vulnerability in the popular WordPress plugin "Abandoned Cart Lite for WooCommerce," which is currently installed on over 30,000 websites. This vulnerability enables attackers to gain unauthorised access to user accounts associated with abandoned shopping carts, including high-level accounts under certain conditions.

Assigned CVE-2023-2986 and scoring a severity rating of 9.8 out of 10 on the CVSS scale, the flaw affects all versions of the plugin up to and including 5.14.2. The vulnerability stems from an authentication bypass caused by insufficient encryption measures in the notification process for customers who abandoned their carts on e-commerce sites.

Essentially, the plugin's encryption key is hardcoded, allowing malicious actors to log in as a user with an abandoned cart. Security researcher István Márton warns that exploiting this authentication bypass could potentially grant access to administrative or higher-level user accounts.
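The weak pattern described above, beside a hardened alternative, as an added example in Python (this is not the plugin's code; the constant key, token format and user ids are constructed for illustration). A recovery link token signed with a key that ships in the source code is valid on every install, whereas one bound to a per-site random secret with an expiry is not.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Weak pattern (constructed value, not the plugin's real key): the same key is shipped
# in the source code, so every install shares it and any party who reads the code can
# produce a token that the site accepts for an arbitrary user id.
HARDCODED_KEY = b"constructed-example-key-shared-by-every-install"


def generate_site_secret() -> bytes:
    """Hardened pattern: a random secret generated once per site at install time."""
    return secrets.token_bytes(32)


def mint_token(user_id: int, key: bytes, ttl_seconds: int = 3600,
               now: Optional[float] = None) -> str:
    """Build a cart-recovery token: urlsafe_b64(payload) '.' urlsafe_b64(HMAC-SHA256)."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now + ttl_seconds)},
                         separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_token(token: str, key: bytes, now: Optional[float] = None) -> Optional[int]:
    """Return the user id if the token is authentic and unexpired, otherwise None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # malformed token or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        data = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(data.get("uid"), int) or data.get("exp", 0) < now:
        return None  # unexpected payload shape, or recovery link has expired
    return data["uid"]
```

A token minted against HARDCODED_KEY verifies on any site that still uses that key, but fails on a site whose key came from generate_site_secret(), and a legitimate token stops working once its expiry has passed.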

Upon responsible disclosure on May 30, 2023, the plugin developer, Tyche Softwares, addressed the vulnerability with version 5.15.0, released on June 6, 2023. The latest version available is 5.15.2.

Coinciding with this disclosure, Wordfence also unveiled another authentication bypass vulnerability affecting StylemixThemes' "Booking Calendar | Appointment Booking | BookIt" plugin, which has over 10,000 installations. Tracked as CVE-2023-2834 and scoring 9.8 on the CVSS scale, this flaw permits unauthenticated attackers to log in as any existing user on a site, including administrators, by exploiting insufficient verification during appointment booking. The issue was resolved in version 2.3.8, released on June 13, 2023, effectively addressing the vulnerability present in versions 2.3.7 and earlier.

References for the report:

Group-IB. (2023). Over 100,000 ChatGPT Accounts were Hacked and Sold.

Sokolovsky, M. (2023). Raccoon information-stealing malware.

Kaspersky. (2023). Operation Triangulation.

Apple Inc. (2023). Security Updates to Address Actively Exploited Vulnerabilities in iOS, macOS, and Safari.

Defiant's Wordfence. (2023). Critical Security Vulnerability in the WordPress Plugin Abandoned Cart Lite for WooCommerce.
