Insights on fake AI law firms, Facebook malware schemes, and critical VPN vulnerabilities. Discover the intricate web of SEO manipulation, the alarming spread of malware through counterfeit AI services, and the global impact of a new VPN flaw. Stay ahead with actionable advice and join the conversation on safeguarding against these sophisticated digital threats.
Original URLs:
- https://arstechnica.com/gadgets/2024/04/fake-ai-law-firms-are-sending-fake-dmca-threats-to-generate-fake-seo-gains/
- https://www.bleepingcomputer.com/news/security/fake-facebook-midjourney-ai-page-promoted-malware-to-12-million-people/
- https://www.bleepingcomputer.com/news/security/new-ivanti-rce-flaw-may-impact-16-000-exposed-vpn-gateways/
- https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags:
cybersecurity, AI scams, malware, VPN vulnerabilities, SEO manipulation, digital threats, fake law firms, Facebook malware, Ivanti, RCE flaw, data security, online safety, cybersecurity tips, tech news, hacking
Search Phrases:
- Cybersecurity threats and AI scams
- How to spot and avoid online malware schemes
- Understanding VPN vulnerabilities and their impact
- Dealing with fake DMCA threats for SEO gains
- Protecting against Facebook AI service scams
- Ivanti VPN gateways security flaws
- Tips for enhancing online data security
- Latest in cybersecurity and hacking news
- Identifying and responding to digital threats
- Navigating SEO manipulation and fake law firms
Transcript
Apr 6
Welcome back to the Daily Decrypt.
Fake law firms like Commonwealth Legal out of Arizona are sending out copyright infringement notices to manipulate SEO rankings.
This is just another way attackers are getting more and more creative to manipulate the things that you see on the day-to-day. Over 1.2 million people were tricked using a Facebook scam where hackers peddled fake services like Midjourney or OpenAI’s Sora that deployed malware designed to hijack users’ data. How can you identify this type of scam and protect yourself?
And finally, Ivanti has patched a critical security flaw that affects over 16,000 VPN gateways. What is this vulnerability, and how can administrators protect their VPN gateways?
We live in a world where everyone has a website, whether it’s your personal business or your hobby. There are tons of websites, and they’re easy to spin up. Well, Ars Technica is reporting that there are now fake law firms who are sending copyright infringement notices to personal and hobby websites. For example: you’re using an image that doesn’t belong to you, please provide compensation. Taking it down doesn’t work. The most notable firm is titled Commonwealth Legal, even though it’s out of Arizona, or so it says, which isn’t a state that’s deemed a Commonwealth.
And they’re claiming to represent the Intellectual Property Division of Tech4Gods.
Like I mentioned, there are a lot of key indicators that this legal firm is fake. For example, it’s a brand-new domain registration, which means their website’s brand new. It’s also a Canadian IP address, and the physical address doesn’t match the one listed on the website.
If you actually go to the website for Commonwealth Legal, you’ll see a bunch of AI-generated images of attorneys. Yeah, it doesn’t take much to realize this is probably a fake website. But regardless, if you receive a copyright infringement notice, that’s a pretty scary thing.
So why does this exist? Why is this happening? Well, it’s pretty clever. This legal firm claims to represent the company Tech4Gods, which may or may not be a legitimate site, but the whole goal of this is to boost the SEO for Tech4Gods. And the way that it does that is by placing backlinks or just links to the Tech4Gods website all over the internet, which is a gold mine for SEO rankings.
Now, if you want more specifics than that, you can check out the article by Ars Technica in the show notes, but make sure to just be skeptical of every threat or every email you get from someone who you don’t know. If you get an email that claims you’re infringing on someone’s copyright, look for signs that it’s fake. Maybe reach out to a different law firm. Maybe reach out to the police, because maybe they’ve heard of this scam before and will be able to verify that it’s a scam.
Nothing in our legal system, especially in the United States, goes quickly. So don’t act with a sense of urgency. You don’t need to pay anything immediately. Take your time and work through this.
Over 1.2 million people on Facebook have been tricked into clicking links for counterfeit AI services such as Midjourney, OpenAI Sora, ChatGPT-5, and DALL-E by promising previews of unreleased features. And you’ll never guess how attackers have done this. They have purchased ads. That’s right. Anyone can purchase ads. Attackers do it. They promise you something that’s too good to be true. You click it, and now you’ve downloaded some malicious software. So these specific Facebook ads coax users into joining fake Facebook groups that look real, and then immediately the users are bombarded with seemingly legitimate updates, AI-generated visuals, and enticing offers or, quote, early access to AI innovations.
So these are just baits to lure victims into downloading malicious software, but instead of getting the cutting-edge tools you were promised, you’re getting password-theft malware like Rilide, Vidar, IceRat, and Nova.
Once this malware is downloaded, it’s gonna go into your browser and try to grab your session cookies, credentials, maybe stored in your Google Chrome password manager. It’s gonna look for cryptocurrency details and more.
The case, outlined by Bitdefender and reported by BleepingComputer in our show notes, showcases a Midjourney fan page that had over 1.2 million followers, which was initially a legitimate fan page but was taken over by hackers in June of 2023. It operated from June of 2023 up until last week, when Facebook finally took it down.
Once attackers had taken over this Facebook page, they created a fake website flawlessly mimicking the Midjourney website, which only helped them push this fake malware onto its users. When they click on the link, it actually goes to a website that looks exactly like Midjourney.
Here is where users would be tricked into downloading the malware disguised as the state-of-the-art image generation tools. Once they download, it looks like they were required to install a Google Translate browser extension, which is where the malware lives.
Even though this page has been taken down by Facebook, the attackers have quickly moved over to a new page which already has 600,000-plus followers.
So this is just a case of malvertising. I’m actually gonna start making stickers: don’t click on Google ads. Now I’m gonna include don’t click on Facebook ads, because they’re pretty cheap to run. I did a test the other day on a Daily Decrypt Reel on Instagram, and I got 3,000 views for five bucks.
Now, if I had attacker kind of money, that would be a lot more views, a lot more clicks. So just be wary of Facebook ads. I literally don’t click any ads anymore, even if the product looks polished and pristine. There are some legitimate ads out there, but at this point, I don’t trust any of them.
So keep an eye out for a Daily Decrypt store opening up soon with some fresh new stickers handmade by me, and don’t click on any ads.
And finally, Ivanti has disclosed a high-severity remote code execution flaw which affects up to 16,500 of its Connect Secure and Policy Secure gateways. This vulnerability is due to a heap overflow in the IPSec component impacting versions 9.0 and 22, and could potentially allow unauthorized attackers to execute remote code or initiate denial of service by sending specifically crafted requests. This issue came to light following reports by internet search engine Shodan and threat monitoring service Shadowserver, which initially discovered approximately 29,000 exposed services. Ivanti, however, has reassured its customer base that there have been no observed instances of exploitation, but emphasizes the importance of applying necessary updates without delay to avoid breaches.
Shadowserver’s subsequent assessments revealed that the number of susceptible devices might be closer to around 16,000, with the highest concentrations of vulnerable gateways located in the United States, Japan, the UK, Germany, France, and the list goes on.
This vulnerability is not the first to raise alarms with Ivanti’s user community. Earlier this year, various Ivanti product flaws were exploited by state-sponsored actors and hacking groups to facilitate unauthorized access to, and control over, affected devices. A recent report by Mandiant highlights the exploitation of Ivanti endpoints by Chinese hackers employing a malware family dubbed Spawn.
Ivanti has released patches for all supported versions of the affected products. So yeah, get out there, update your systems, and sleep well at night.
That’s all I got for you today. If you like what you hear, we’d really appreciate a review on Spotify or Apple Podcasts, a follow on Instagram, a subscription on YouTube, or wherever you consume your media, and send us a comment. We’d love to hear from you. I hope you have a great rest of your weekend. Go check out the solar eclipse this Monday, and we’ll talk to you some more later.