info@thehackernews.com (The Hacker News)@The Hacker News
//
Google is integrating its Gemini Nano AI model into the Chrome browser to provide real-time scam protection. The change focuses on identifying and blocking malicious websites and activity as they occur, addressing the problem that scam sites often exist for only a short period. Integrated into Chrome's Enhanced Protection mode, available since 2020, Gemini Nano analyzes website content to detect subtle signs of scams, such as misleading pop-ups or other deceptive tactics.
When a user visits a potentially dangerous page, Chrome uses Gemini Nano to evaluate security signals and determine the intent of the site. This information is then sent to Safe Browsing for a final assessment. If the page is deemed likely to be a scam, Chrome displays a warning that lets the user unsubscribe from the site's notifications or view the blocked content, and the user can override the warning if they believe it is unnecessary. The system is designed to adapt to evolving scam tactics, offering a proactive defense against both known and newly emerging threats.
The AI-powered scam detection system has already demonstrated its effectiveness, reportedly catching 20 times more scam-related pages than previous methods. Google also plans to extend this feature to Chrome on Android devices later this year, further expanding protection to mobile users. This initiative follows criticism regarding Gmail phishing scams that mimic law enforcement, highlighting Google's commitment to improving online security across its platforms and safeguarding users from fraudulent activities.
References:
- The Official Google Blog: Read our new report on how we use AI to fight scams on Search.
- Search Engine Journal: How Google Protects Searchers From Scams: Updates Announced
- www.zdnet.com: How Google's AI combats new scam tactics - and how you can stay one step ahead
- The Hacker News: Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
- securityonline.info: Chrome 137 Uses On-Device Gemini Nano AI to Combat Tech Support Scams
- BleepingComputer: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. [...]
- The Tech Portal: Google to deploy Gemini Nano AI for real-time scam protection in Chrome
- www.tomsguide.com: Google is keeping you safe from scams across search and your smartphone
- www.eweek.com: Google’s Scam-Fighting Efforts Just Got Accelerated, Thanks to AI
- the-decoder.com: Google deploys AI in Chrome to detect and block online scams.
- www.techradar.com: Tired of scams? Google is enlisting AI to protect you in Chrome, Google Search, and on Android.
- Daily CyberSecurity: Chrome 137 Uses On-Device Gemini Nano AI to Combat Tech Support Scams
- techstrong.ai: Google’s plan to soon give under-13 youngsters access to its flagship artificial intelligence (AI) chatbot Gemini is raising hackles among parents and child safety experts, but offers the latest proof point of the risks tech companies are willing to take to reach more potential AI users.
- PCMag UK security: Google's Chrome Browser Taps On-Device AI to Catch Tech Support Scams
- www.searchenginejournal.com: How Google Protects Searchers From Scams: Updates Announced
- Analytics India Magazine: Google Chrome to Use AI to Stop Tech Support Scams
- chromeunboxed.com: Online scams are an unfortunate reality of modern life, and the actors behind them are constantly upgrading their tactics. It’s a never-ending game of cat and mouse, but Google is doubling down on its efforts to protect users, and not surprisingly, AI is at the forefront of this renewed push.
- eWEEK: Google is intensifying efforts to combat online scams by integrating artificial intelligence across Search, Chrome, and Android, aiming to make fraud more difficult for cybercriminals.
@computerworld.com
//
The Darcula phishing-as-a-service (PhaaS) platform has recently integrated generative AI capabilities, marking a significant escalation in phishing threats. The update allows even individuals with limited technical skills to create highly convincing phishing pages at unprecedented speed and scale. Security researchers spotted the update on April 23, 2025, and note that the AI features make it simple to generate phishing forms in any language and translate them for new regions, so tailored, multi-language phishing pages can be built without any programming knowledge.
The new AI-assisted features amplify Darcula's threat potential and include tools for customizing input forms and enhancing the layout and visual styling of cloned websites, according to Netcraft. The service allows users to provide a URL for any legitimate brand or service, after which Darcula downloads all of the assets from the legitimate website and creates a version that can be edited. Subscribers can then inject phishing forms or credential captures into the cloned website, which looks just like the original. The integration of generative AI streamlines this process, enabling less tech-savvy criminals to deploy customized scams in minutes.
This development lowers the technical barrier to creating phishing pages and has been described as 'democratizing cybercrime'. Netcraft, a cybersecurity company, reports taking down more than 25,000 Darcula pages and blocking nearly 31,000 IP addresses since March 2024. The Darcula suite delivers its lures over iMessage and RCS rather than SMS, which allows the messages to bypass SMS firewalls. Taken together, these capabilities mean enterprise security teams now face an immediate escalation in phishing threats.
References:
- The Register - Security: Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing sites in multiple languages more efficiently.
- www.csoonline.com: The Darcula platform has been behind several high-profile phishing campaigns in the past, targeting both Apple and Android users in the UK, and including package delivery scams that impersonated the United States Postal Service (USPS).
- The Hacker News: The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News.
- Daily CyberSecurity: Netcraft researchers have uncovered a major development in the world of phishing-as-a-service (PhaaS): an update to the darcula-suite
- Blog: ‘Darcula’ PhaaS gets generative AI upgrade
- hackread.com: Darcula Phishing Kit Uses AI to Evade Detection, Experts Warn
- securityonline.info: Darcula-Suite: AI Revolutionizes Phishing-as-a-Service Operations
Stu Sjouwerman@blog.knowbe4.com
//
Cybercriminals are increasingly exploiting the power of artificial intelligence to enhance their malicious activities, marking a concerning trend in the cybersecurity landscape. Reports, including Microsoft’s Cyber Signals, highlight a surge in AI-assisted scams and phishing attacks. Guardio Labs has identified a specific phenomenon called "VibeScamming," where hackers leverage AI to create highly convincing phishing schemes and functional attack models with unprecedented ease. This development signifies a "democratization" of cybercrime, enabling individuals with limited technical skills to launch sophisticated attacks.
Cybersecurity researchers at Guardio Labs conducted a benchmark study that examined the capabilities of different AI models in facilitating phishing scams. While ChatGPT demonstrated some resistance due to its ethical guardrails, other platforms like Claude and Lovable proved more susceptible to malicious use. Claude provided detailed, usable code for phishing operations when prompted within an "ethical hacking" framework, while Lovable, designed for easy web app creation, inadvertently became a haven for scammers, offering instant hosting solutions, evasion tactics, and even integrated credential theft mechanisms. The ease with which these models can be exploited raises significant concerns about the balance between AI functionality and security.
To combat these evolving threats, security experts emphasize the need for organizations to adopt a proactive and layered approach to cybersecurity. This includes implementing zero-trust principles, carefully verifying user identities, and continuously monitoring for suspicious activities. As threat actors increasingly blend social engineering with AI and automation to bypass detection, companies must prioritize security awareness training for employees and invest in advanced security solutions that can detect and prevent AI-powered attacks. With improved attack strategies, organizations must stay ahead of the curve by continuously refining their defenses and adapting to the ever-changing threat landscape.
@research.checkpoint.com
//
Russian state-sponsored espionage group Midnight Blizzard, also known as APT29 or Cozy Bear, is conducting a spear-phishing campaign targeting European diplomatic organizations. Check Point Research has been observing this sophisticated operation, which began in January 2025 and employs advanced techniques to target government officials and diplomats across Europe. The threat actors are impersonating a major European foreign affairs ministry to send deceptive emails inviting targets to wine-tasting events. This campaign, leveraging custom malware, aims to compromise diplomatic entities, including embassies of non-European countries.
The campaign introduces a previously unseen malware loader called GrapeLoader, along with a new variant of the Wineloader backdoor. The phishing emails, sent from domains like 'bakenhof[.]com' or 'silry[.]com,' contain malicious links that, under specific conditions, initiate the download of a ZIP archive named 'wine.zip'. If the targeting conditions are not met, victims are redirected to the legitimate website of the impersonated ministry, reducing suspicion. This mirrors a previous Wineloader campaign, indicating a continued focus on European diplomacy by APT29.
Once executed via DLL sideloading, GrapeLoader collects host information, establishes persistence by modifying the Windows Registry, and contacts a command-and-control server. The use of in-memory execution is an advanced evasion technique to complicate detection. The objective of the campaign is likely espionage, given APT29's history of targeting high-profile organizations, including government agencies and think tanks, and its association with the SolarWinds supply chain attack.
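A defender-side illustration of the indicators in this summary, added here as an example and not part of Check Point's report or tooling: a small sweep over constructed proxy log lines that flags requests to the named sender domains and downloads of an archive called wine.zip. The only values taken from the text are the two defanged domains and the archive name; the log format, the field names, every sample line and the assumption that the sender domains may also serve the phishing links are all constructed for this example.

```python
"""Indicator sweep for the APT29 / GrapeLoader phishing chain summarised above.

Added example, not Check Point's or any vendor's code. Taken from the summary:
the two defanged sender domains and the 'wine.zip' archive name. Everything
else (proxy log format, field names, every sample line, and the assumption
that the sender domains also serve the phishing links) is constructed.
"""
import re
from dataclasses import dataclass

# Indicators from the campaign summary, written defanged as in the text.
DEFANGED_DOMAINS = ["bakenhof[.]com", "silry[.]com"]
PAYLOAD_NAME = "wine.zip"


def refang(domain: str) -> str:
    """Turn a defanged indicator ('example[.]com') into a matchable hostname."""
    return domain.replace("[.]", ".").lower()


IOC_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

# Constructed proxy-log format: "<ts> <client_ip> <method> <url> <status> <bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)
HOST_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)")


@dataclass
class Finding:
    client: str
    host: str
    reason: str


def hostname(url: str) -> str:
    """Extract the lower-cased host part of an http(s) URL, or '' if none."""
    m = HOST_RE.match(url)
    return m.group("host").lower() if m else ""


def is_campaign_host(host: str) -> bool:
    """True for an indicator domain or any subdomain of one."""
    return host in IOC_DOMAINS or any(host.endswith("." + d) for d in IOC_DOMAINS)


def scan(lines):
    """Return one Finding per log line that touches the described infrastructure.

    Two triggers, strongest first: a request to a campaign domain, and a
    download whose path ends in the staged archive name on any host (the
    loader could be re-hosted, so the name alone is the weaker signal and
    the reason string says so).
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip unparsable lines rather than abort the sweep
        url = m.group("url")
        host = hostname(url)
        if is_campaign_host(host):
            findings.append(Finding(m.group("client"), host, "request to campaign domain"))
        elif url.lower().split("?")[0].rstrip("/").endswith("/" + PAYLOAD_NAME):
            findings.append(Finding(m.group("client"), host, "archive name match (weak signal)"))
    return findings


# Constructed sample: two campaign-domain hits, one re-hosted archive, two benign lines.
SAMPLE_LOG = """\
2025-01-14T09:02:11Z 10.20.30.41 GET https://bakenhof.com/invite/wine-tasting 302 512
2025-01-14T09:02:12Z 10.20.30.41 GET https://cdn.silry.com/dl/wine.zip 200 884213
2025-01-14T09:05:40Z 10.20.30.77 GET https://files.example-hosting.test/wine.zip 200 884213
2025-01-14T09:06:02Z 10.20.30.77 GET https://www.example-ministry.test/events 200 4096
2025-01-14T09:07:15Z 10.20.30.12 GET https://www.example.test/wine.zip.html 200 2048
"""


def sweep_sample():
    """Run the sweep over the constructed sample log."""
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in sweep_sample():
        print(f"{f.client} -> {f.host}: {f.reason}")
```

The domain match covers subdomains because staging hosts are commonly placed under a registered lure domain; the archive-name match is deliberately reported as a weak signal, since a file name is trivial to change and the summary itself notes that the download only happens under specific targeting conditions, so a miss on this rule is not evidence of a clean host.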
References:
- Check Point Blog: Details on APT29's updated phishing campaign targeting European diplomatic organizations. Focus on new malware and TTPs
- BleepingComputer: Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies.
- bsky.app: Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
- blog.checkpoint.com: Unmasking APT29: The Sophisticated Phishing Campaign Targeting European Diplomacy
- cyberpress.org: Detailed report about APT29's GRAPELOADER campaign targeting European diplomats.
- research.checkpoint.com: Renewed APT29 Phishing Campaign Against European Diplomats
- Cyber Security News: APT29 Hackers Deploy GRAPELOADER in Latest Attack on European Diplomats
- The Register - Security: Russians lure European diplomats into malware trap with wine-tasting invite
- iHLS: Russian Phishing Campaign Steals Sensitive Data in European Government Networks
- cybersecuritynews.com: APT29 Hackers Deploy GRAPELOADER in Latest Attack on European Diplomats
- www.scworld.com: New APT29 spear-phishing campaign targets European diplomatic organizations
- www.helpnetsecurity.com: Cozy Bear targets EU diplomats with wine-tasting invites (again)
- Check Point Research: Renewed APT29 Phishing Campaign Against European Diplomats
- Help Net Security: Detailed report on the campaign's tactics, techniques, and procedures, including the use of fake wine-tasting invitations.
- securityonline.info: Sophisticated phishing campaign targeting European governments and diplomats, using a wine-themed approach
- securityonline.info: APT29 Targets European Diplomats with Wine-Themed Phishing
- www.csoonline.com: The tactics, techniques, and procedures (TTPs) observed in this campaign bear strong similarities to those seen in the previous WINELOADER campaign from March 2024. The report contains indicators of compromise such as file names, file hashes and C2 URLs that can be used by security teams to build detections and threat hunting queries.
- Virus Bulletin: The campaign employs a new loader, called GRAPELOADER, which is downloaded via a link in the phishing email.
- The Hacker News: The Hacker News reports on APT29 targeting European diplomats with wine-themed phishing emails and the GrapeLoader malware.
- hackread.com: Midnight Blizzard (APT29/Cozy Bear) targets European embassies and Ministries of Foreign Affairs with sophisticated phishing emails disguised as…
- ciso2ciso.com: Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure – Source: www.infosecurity-magazine.com
- ciso2ciso.com: APT29 Targets European Diplomats with Wine-Themed Phishing
- hackread.com: Russian Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats
- thehackernews.com: The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER.
- www.techradar.com: European diplomats targeted by Russian phishing campaign promising fancy wine tasting
- Talkback Resources: Talkback.sh discusses APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures [mal]
- Talkback Resources: Russian Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats
- securityaffairs.com: Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER.
- eSecurity Planet: Russian Hackers Target European Diplomats with ‘Wine-Tasting’ Phishing Scams
- www.esecurityplanet.com: Russian Hackers Target European Diplomats with ‘Wine-Tasting’ Phishing Scams
- Security Risk Advisors: Russia-Linked APT29 Targets European Diplomats with New GRAPELOADER Malware in Sophisticated Phishing Campaign
- ciso2ciso.com: Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware – Source: securityaffairs.com
- ciso2ciso.com: Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER.
- Talkback Resources: Russia-linked group APT29 used a phishing campaign with fake wine tasting invitations to target European embassies and Ministries of Foreign Affairs, deploying GrapeLoader and WineLoader malware to gather sensitive information and conduct cyber spying operations.
Shira Landau@Email Security - Blog
//
The FBI has issued a warning regarding a new data extortion scam where criminals are impersonating the BianLian ransomware group. These fraudsters are sending physical letters through the United States Postal Service to corporate executives, claiming their networks have been breached. The letters demand Bitcoin payments in exchange for preventing the release of sensitive company data.
Analysis suggests these letters are fraudulent, and organizations, particularly within the US healthcare sector, are advised to report such incidents to the FBI. Security vendors, including Arctic Wolf and Guidepoint Security, have studied the letters and believe the campaign is a ruse by someone pretending to be BianLian. The letters mimic conventional ransom notes, demanding payments of between $250,000 and $350,000 within 10 days.
This activity highlights the evolving tactics of cybercriminals who are now employing postal mail to target high-profile individuals in an attempt to extort money under false pretenses. The FBI urges companies to implement internal protocols for verifying ransom demands and to remain vigilant against these deceptive practices. It’s crucial for organizations to discern fake attacks from real ones amidst the increasing complexity of cybercrime.
References:
- Arctic Wolf: Self-Proclaimed “BianLian Group” Uses Physical Mail to Extort Organizations
- CyberInsider: Fake BianLian Ransom Notes Delivered to Executives via Post Mail
- DataBreaches.Net: Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
- www.csoonline.com: Ransomware goes postal: US healthcare firms receive fake extortion letters
- PCMag UK security: Businesses Are Receiving Snail Mail Ransomware Threats, But It's a Scam
- BrianKrebs: Someone has been snail mailing letters to various businesses pretending to be the BianLian ransomware group.
- Cyber Security News: FBI Warns of Data Extortion Scam Targeting Corporate Executives
- gbhackers.com: FBI Warns: Threat Actors Impersonating BianLian Group to Target Corporate Executives
- techcrunch.com: There is no confirmed link between the campaign and the actual BianLian ransomware group, making this an elaborate impersonation.
- thecyberexpress.com: FBI Issues Urgent Warning About Data Extortion Scam Targeting Corporate Executives
- Email Security - Blog: The U.S. Federal Bureau of Investigation (FBI) has recently released an urgent advisory pertaining to a sophisticated email-based extortion campaign.
- Threats | CyberScoop: The FBI is warning business leaders about the scam perpetrated by an unidentified threat group.
- gbhackers.com: The novel approach highlights a shift in extortion tactics.
- Vulnerable U: Executives Receive Fake Snail Mail BianLian Ransomware Notes
- Malwarebytes: Ransomware threat mailed in letters to business owners
- www.scworld.com: The FBI is warning of a ransomware operation targeting C-suite executives via the US Postal Service.
- Cyber Security News: Fake BianLian Ransom Scams Target U.S. Firms Through Mailed Letters
- borncity.com: CISA warning: Cyber criminals (BianLian Groupe) attempt to blackmail executives
- Jon Greig: The FBI warned executives of a new scam where people claiming to be part of the BianLian ransomware gang are mailing physical letters with threats. Arctic Wolf said it is aware of at least 20 organizations or executives who have received these letters.
- Kali Linux Tutorials: Cyber Threat Group Sends Paper-Based Extortion Letters
- The DefendOps Diaries: Cybercriminals exploit YouTube's copyright system to extort creators, spreading malware and demanding ransoms.
- www.bleepingcomputer.com: Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos.