Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts and incidents every weekday.
🚨 Cyber Alerts
1. ESET Discovers Lazarus APT Group's WinorDLL64 Payload in Wslink Downloader
Cybersecurity firm ESET has identified WinorDLL64, a payload delivered by the Wslink loader, which runs as a server and executes received modules in memory. ESET attributes the malware to the Lazarus APT group, notorious for high-profile attacks on both public and private entities, based on the targeted region and on similarities in behavior and code with known Lazarus samples. The WinorDLL64 backdoor collects extensive system information, enables file manipulation, and executes additional commands, communicating over the connection already established by the Wslink loader rather than opening one of its own.
2. Fraudulent ChatGPT Social Media Page Used to Spread Malware
The popularity of OpenAI's ChatGPT, which has attracted over 100 million users since its launch in November 2022, is being exploited by threat actors to distribute malware and carry out other attacks, according to Cyble Research and Intelligence Labs (CRIL). CRIL has detected several phishing websites promoted through a fraudulent OpenAI social media page that deliver various types of malware, as well as phishing sites impersonating ChatGPT to harvest credit card details. In addition, several families of Android malware use the ChatGPT icon and name to trick users into installing malicious applications that steal sensitive information from the device.
3. Magecart Skimmer Collects IP Addresses and Browser User Agents to Create Unique Victim Profile
Malwarebytes Labs has detected a new Magecart skimmer that not only steals payment data from unsuspecting victims but also records each victim's IP address and browser user agent. The skimmer uses iframes to render a page that looks identical to the official payment platform's form, so the victim has no indication that their data has been intercepted. The operators may be collecting the extra data for quality checks and to filter out invalid "users" such as bots and security researchers, a sign of how far modern skimming tooling has matured. Online merchants should implement proactive defenses, including controls over which origins may be framed or scripted on checkout pages.
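Because the skimmer described above works by inserting an iframe that mimics the real payment form, one practical merchant-side check is to flag any iframe on the checkout page whose origin is not the expected payment provider. The following is an added example, not code from Malwarebytes or from the newsletter; the payment-provider origin, the page origin and the sample frame sources are constructed for illustration. It compares exact origins (so lookalike hosts fail), treats non-https schemes and src-less (srcdoc or about:blank) frames as suspicious, and can watch for frames injected after page load.

```javascript
// Added example (not from the Malwarebytes report): flag iframes on a checkout
// page whose origin is not an allowlisted payment provider.

// Classify one iframe "src" value. pageOrigin is used to resolve relative URLs.
function classifyFrame(src, allowedOrigins, pageOrigin) {
  if (src === null || src === undefined || src === "") {
    // srcdoc / about:blank frames give a skimmer a blank canvas to draw a fake
    // form into, so a frame with no src is treated as suspicious.
    return { src, allowed: false, reason: "no src (srcdoc or about:blank)" };
  }
  let url;
  try {
    url = new URL(src, pageOrigin);
  } catch (e) {
    return { src, allowed: false, reason: "unparseable src" };
  }
  if (url.protocol !== "https:") {
    // javascript:, data:, blob:, about: or http: frames are never a hosted payment form.
    return { src, allowed: false, reason: `scheme ${url.protocol} not https` };
  }
  // Exact origin comparison defeats lookalikes such as checkout.psp.com.evil.example
  if (!allowedOrigins.includes(url.origin)) {
    return { src, allowed: false, reason: `origin ${url.origin} not allowlisted` };
  }
  return { src, allowed: true, reason: "ok" };
}

// Return only the frames that should be reported.
function findUnexpectedFrames(frameSrcs, allowedOrigins, pageOrigin) {
  return frameSrcs
    .map((s) => classifyFrame(s, allowedOrigins, pageOrigin))
    .filter((r) => !r.allowed);
}

// Browser hook: scan existing iframes and watch for ones injected later.
// Returns the MutationObserver, or null when there is no DOM (e.g. under Node).
function watchCheckout(allowedOrigins, report) {
  if (typeof document === "undefined") return null;
  const scan = () => {
    const srcs = Array.from(document.querySelectorAll("iframe")).map((f) =>
      f.getAttribute("src")
    );
    const bad = findUnexpectedFrames(srcs, allowedOrigins, location.origin);
    if (bad.length) report(bad);
  };
  scan();
  const obs = new MutationObserver(scan);
  obs.observe(document.documentElement, { childList: true, subtree: true });
  return obs;
}

// Constructed sample data (hypothetical provider and merchant, not from the report).
// If the merchant legitimately frames its own pages, add PAGE_ORIGIN to ALLOWED.
const ALLOWED = ["https://checkout.example-psp.com"];
const PAGE_ORIGIN = "https://shop.example";
const SAMPLE_FRAMES = [
  "https://checkout.example-psp.com/v2/form", // genuine provider frame
  "https://checkout.example-psp.com.evil-cdn.example/", // lookalike host
  "about:blank", // blank canvas for an injected form
  "/pay", // relative URL, resolves to the merchant origin (not allowlisted here)
  null, // srcdoc frame
];

// Stand-alone run: prints the four flagged frames with their reasons.
for (const hit of findUnexpectedFrames(SAMPLE_FRAMES, ALLOWED, PAGE_ORIGIN)) {
  console.log(`${String(hit.src)} -> ${hit.reason}`);
}
```

This client-side scan is a detection aid, not a replacement for browser-enforced policy: the same allowlist should also be expressed as a `Content-Security-Policy` header (`frame-src` for frames, `script-src` for the skimmer script itself), which blocks the injection before any JavaScript on the page has a chance to observe it.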
4. European Commission Temporarily Bans TikTok on Employee Devices for Cybersecurity Reasons
The European Commission's Corporate Management Board has suspended the use of TikTok on all devices issued to employees and on personal devices that employees use for work. The move is part of the Commission's efforts to strengthen its cybersecurity posture amid growing concern over the Chinese-owned video sharing app. The decision follows similar moves in the US, where more than half of the states and Congress have banned TikTok from official government devices. Employees must remove TikTok from all devices used for professional business by March 15.
5. Unknown Hacking Group 'Clasiopa' Targets Asian Materials Research Organizations with Unique Toolset
Cybersecurity firm Symantec has uncovered a new threat actor dubbed 'Clasiopa' that targets materials research organizations in Asia with a previously unseen set of tools. The group may have ties to India, given its use of the Sanskrit term 'Saptarishi' and the password 'iloveindea1998^_^'. However, Symantec warned that these artifacts may have been planted as false flags, and that the group's true origin remains unknown.