Asia Cyber Summaries

24 Mar 2023 | Asia Cyber Summary

In the spotlight this week:

  • Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
  • Chinese Shopping App Pinduoduo Blocked by Google Over Signs of Malware in Its Code
  • TikTok to be Blocked from Parliamentary Devices, Networks in the UK Over Cyber Security Fears
  • Hackers Steal Over USD 1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw
  • Ferrari Hacked – Attackers Gained Access to Company’s IT Systems

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

The ‘ChatGPT For Google’ extension, a trojaned version of a legitimate open source browser add-on, claims to offer advanced chat features powered by OpenAI, but in reality, is a fake tool that collects users' personal data and credentials. The malicious Chrome browser extension attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally uploaded to the Chrome Web Store on February 14, 2023. The extension was removed from the Chrome Web Store by Google following the researcher's report, but it serves as a reminder to be cautious when downloading browser extensions and to only install extensions from trusted sources.

Chinese Shopping App Pinduoduo Blocked by Google Over Signs of Malware in Its Code

After traces of malware were discovered in the code of older app versions, Pinduoduo, a well-known shopping app that offers cheap prices on everything from fresh produce to various retail products, was suspended from the Google Play Store. A security company examined code from earlier iterations of the shopping app, which is stored on GitHub, and found that it contained both zero-day and N-day exploits. The malware is designed to give the app wide-ranging system privileges, beyond what it discloses to the end user. The ban will not have much direct impact on the shopping app since almost all of its users are in China and the Google Play Store is not used there. Due to the discovery of malware that targets core system privileges, local alternatives for Android users like Tencent MyApp and Huawei AppGallery might feel pressure to delist the shopping app as well. The app remains available on Apple’s App Store.

TikTok to be Blocked from Parliamentary Devices, Networks in the UK Over Cyber Security Fears

As part of the most recent ban on the Chinese-owned social media app, TikTok will be blocked from devices and networks in the UK Parliament. This ban comes in response to concerns that the Chinese government may access user data from TikTok, which is controlled by the Beijing-based company ByteDance, endangering Western security interests. The app can still be used on personal devices while on the parliamentary estate, provided the devices aren't connected to the parliament's WiFi network. 

Hackers Steal Over USD 1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

Bitcoin ATM (BATM) maker General Bytes disclosed that unidentified threat actors stole over USD 1.6 million worth of cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. General Bytes, according to its website, has sold more than 15,137 terminals in 149 countries. It supports over 180 fiat currencies and has collectively performed nearly 22.6 million transactions worldwide. The BATMs are designed to connect to a crypto application server (CAS), which is managed either by the customer or by the company itself on the cloud via infrastructure provided by DigitalOcean. The company also warned that its own cloud service as well as other operators' standalone servers were infiltrated as a result of the incident, prompting the company to shutter the service.

Ferrari Hacked – Attackers Gained Access to Company’s IT Systems

A threat actor recently contacted Ferrari S.p.A., an Italian luxury sports car manufacturer headquartered in Maranello, demanding a ransom for access to specific client contact information. The company suffered a significant data breach, and consumers’ personal information may now be at risk. According to the company, customers’ names, addresses, phone numbers, and email addresses were among the information exposed in the breach.
