Ophtek Archives

Hacker Targets Over 18,000 Script Kiddies with Malware

fake malware builder, Ophtek, Remote Access Trojan, script kiddies, XWormcybercriminals, malware, malware builder, Ophtek, RAT, XWormOphtek, LLC

Feb 2025

A hacker has tricked over 18,000 aspiring cybercriminals into downloading a fake malware builder which secretly infects their computers.

Yes, even threat actors can find themselves falling victim to their fellow hackers. In this surprising case, threat actors attempting to access malicious tools for committing cybercrimes were targeted by a more experienced hacker. These beginner hackers – known as “script kiddies” due to their limited skills – were tricked into downloading what they believed was a tool to create malware. Instead, they soon discovered that this ‘tool’ infected their devices.

Naturally, most readers of the Ophtek blog are looking to protect their IT systems rather than committing cybercrimes. Nonetheless, this cautionary tale contains plenty of lessons to be learned for all PC users.

The Hunter Becomes the Hunted

At the center of this attack is a weaponized version of a malware creation tool, one designed to generate the XWorm Remote Access Trojan. The attacker uploaded this fake tool to multiple platforms including GitHub repositories, Telegram channels, and YouTube tutorials. Advertised as a free and effective way to create malware, the bait was set to attract victims looking for a shortcut to their hacking goals. And they certainly took the bait, over 18,000 of them.

Unfortunately, once the program was executed, it was far from helpful. Instead of generating malware, the tool set about installing a backdoor on the victim’s PC. This gave the attacker unauthorized access to the now compromised system. With free rein to the infected PC, the threat actor could steal personal information, monitor activity on the PC, and take full control of the device. The attack claimed countless victims, with affected machines reported from the United States to Russia.

Researchers also found that the threat actor included a kill switch within the malware; this was later used to uninstall the malicious software from many of the infected machines. However, some systems remained infected and at risk of being compromised further. Quite why this kill switch was included is a mystery. Hackers rarely want to see their efforts curtailed, but it may be that this particular attack was an experiment or a rehearsal for something much bigger.

How Can Your Protect Your PCs?

This latest attack highlights the risks of downloading software from untrusted sources, even if you happen to be a hacker yourself. So, with everyone at risk of similar attacks, we’ve put together three important tips to keep you safe:

Only Download from Trusted Sources: Make sure you always use reputable and official websites for downloading software. Avoid downloading files from unfamiliar websites, torrent sites, or websites which look suspicious – if in doubt, check with an IT professional.
Use Antivirus Tools: Install and maintain up-to-date software – such as AVG and Kaspersky – on your devices. These tools, which are available as free versions, provide a crucial line of defense against malware threats.
Remain Cautious: Stay updated on the latest cybersecurity trends and threats – you can make a start by bookmarking the Ophtek blog. Always be suspicious of anything online which sound too good to be true, such as free access to subscriber-only tools, or urgent calls to install vital updates.

For more ways to secure and optimize your business technology, contact your local IT prof essionals.

Threat Actors Start Hiding Malware within Website Images

archive.org, generative AI, malicious code, Obj3tivityStealer, Ophtek, Phishing, VIP Keylogger, website imagesarchive.org, generative AI, malicious code, Obj3tivityStealer, Ophtek, phishing, VIP Keylogger, website imagesOphtek, LLC

Feb 2025

Cybercriminals are increasingly embedding malware within website images to evade detection and compromise IT systems.

Recent investigations have revealed a growing trend among threat actors: hiding malicious code within image files hosted on trusted websites. This approach allows the attackers to bypass traditional security measures, which tend to trust well-known and widely used websites. As ever, the attack begins with a phishing email designed to trick the victim into unleashing the malware. The phishing email in question has taken numerous forms such as invoices or purchase orders. Once opened, the file exploits a Microsoft Office vulnerability.

Emails are an essential part of business, so it’s crucial that you understand how this attack works to keep your IT infrastructure safe.

Unpacking the Image Attack

The vulnerability at the heart of the attack can be found in Microsoft Office’s Equation Editor (CVE-2017-11882). This vulnerability enables a malicious script to run, downloading an image file from a trusted website (such as archive.org). The image may, to the average PC user, look harmless, but hidden within its metadata is a malicious code. This is used to automatically install spyware and keyloggers such as VIP Keylogger and Obj3tivityStealer. These slices of malware allow the threat actors to monitor your systems, harvest sensitive data, and gain access to financial information.

What’s interesting – or disturbing, depending on your perspective – about the attack is that it appears to harness the power of AI. Cybercriminals are increasingly turning to generative AI to create convincing phishing emails, malicious scripts, and even HTML web pages which can host malicious payloads. This is making attacks much easier to launch while also lowering the barriers to entry around your IT networks.

Keeping Your IT Systems Secure

No business wants keyloggers and spyware downloaded onto their IT infrastructure, so it’s vital that you keep it secure and protected. It’s impossible to keep it 100% safe, but you can optimize its strength by following these three tips:

Regularly Update Your Software: make sure all your software, especially Microsoft Office applications, is up to date. Software developers release regular updates to patch vulnerabilities – like CVE-2017-11882 – which attackers seek to exploit. As well as enabling automatic updates, schedule regular checks for patches to ensure that critical updates are not missed. And remember, this applies to all software on your networks.
Use Advanced Email Security: always utilize email filtering tools to automatically block phishing emails before they reach your staff. These highly effective solutions can scan all incoming messages for suspicious links, attachments, or blacklisted senders to prevent them from reaching your employee inboxes. Also, make sure your team are educated on the danger signs of a phishing email. Regular training and refresher sessions can help maximize the security of your first-line defenses.
Monitor Network Activity: Use network monitoring tools to detect unusual activities, such as unexpected downloads or unauthorized connections. These tools can indicate potential threats early, allowing you to respond quickly before threat actors secure a foothold within your systems. Make sure that you establish a program of regular reviews for your activity logs, this approach will enable you to spot anomalies and take action.

For more ways to secure and optimize your business technology, c ontact your local IT professionals.

A recent cyberattack has compromised several popular Google Chrome extensions, infecting millions of users with data-stealing malware.

In early January 2025, cybersecurity researchers at Extension Total discovered a malicious campaign targeting Chrome extensions which offer AI services. The threat actors hijacked at least 36 extensions – including Bard AI Chat, ChatGPT for Google Meet, and ChatGPT App – with approximately 2.6 million users affected. This widespread attack has raised the alarm among users and software developers as, previously, these extensions were highly trusted.

With 3.45 billion people using Chrome as their browser, it’s no surprise that threat actors would target it. This attack is especially ingenious, so we’re going to take a deep dive into it.

How Were the Chrome Extensions Compromised?

The affected extensions may be named after popular AI tools like Bard and ChatGPT, but they are third-party applications with no development from Google or OpenAI. Third-party extensions can, of course, be legitimate, but these compromised extensions were far from helpful. Instead, they were used to deliver fake updates containing malware.

The malware was designed to steal sensitive user information, specifically targeting data related to Facebook Ads accounts. Therefore, this posed a significant threat to businesses which rely on Facebook for marketing and sales. With this stolen data, the threat actors could use it for unauthorized access, financial and identity theft, or to fuel phishing attacks.

In response to the attack, many of the affected extensions have been removed from the Chrome Store to limit further infections. However, others remain available, exposing users to the malware. Chrome, as we’ve already mentioned, is hugely popular with around 130,000 extensions are available to install. The risk of a security incident, as you would imagine, is high; this recent attack underscores the importance of practicing vigilance when installing extensions.

Staying Safe from Rogue Chrome Extensions

Browser extensions are designed to help users by enhancing functionality and making everyday browsing easier. However, this recent attack has also demonstrated that they’re a security risk. Ophtek wants to keep you safe from similar attacks, so we’ve put together our top tips for protecting your PC from rogue extensions:

Install Extensions from Trusted Sources: you should only ever download extensions from reputable developers and official web stores. Before hitting that install button, always carry out some research on the developer, read user reviews, and check ratings to assess how legitimate it is.
Limit Extension Permissions: extensions often require permissions to function correctly on your PC but be very careful of any extension which requests a long list of permissions e.g. access to browsing data, microphone control, and cookies. You should only ever grant permissions to what is necessary for the extension to operate. If in doubt of a permission request, seek help from an IT professional.
Update Extensions: always ensure your extensions are kept up to date, as developers often release patches to fix security vulnerabilities. Regularly check for updates and keep an eye out for any unusual browser behavior such as strange pop-ups, redirects to other sites, or performance issues. Additionally, if you have extensions you no longer use, remove these to reduce your exposure to risk

For more ways to secure and optimize your business technology, contact your local IT professionals.

Fake Job Scam Used to Serve Up Malware

fake recruiters, Linkedin, malicious websites, Ophtek, phishing_email, update security software, verify identities, webcamsLinkedin, malware, Ophtek, phishing, security, updatesOphtek, LLC

Jan 2025

Threat actors are highly innovative – one recent attack tricked victims into addressing fake webcam and microphone issues to gain system access.

We’re constantly advised to be aware of phishing emails, infected documents, and malicious websites, but what happens when threat actors take a different approach? Well, they increase their chances of breaching your defenses. This is why it’s crucial to keep up to date with developments in the world of cybersecurity. This latest attack targeted professionals on LinkedIn, but it could easily be used in other environments.

O phtek wants to keep you secure from these types of threats, so we’re going to summarize this attack and show you how to stay safe.

The Interview from Hell

Job interviews are always stressful affairs, but at least they don’t hit you financially. However, there is an exception – the LinkedIn attack. With 1 billion members, LinkedIn is hugely popular and this makes it the perfect target for a threat actor.

Victims are approached on LinkedIn by fake recruiters who claim to be working for crypto firms such as Kraken and Gemini. On offer is the opportunity of a number of high-ranking roles at these firms, and the victims has been specially chosen to apply. Victims who take the bait and then posed a series of long-form questions relating to the crypto industry e.g. which crypto trends will have the most impact in the next 12 months.

It may, at first, seem like any other job interview, but the final question posed requires an answer filmed on video. This is where the breach begins. The threat actor will issue an error message stating that there’s an access issue for the victim’s camera and microphone. The problem is apparently caused by a cache issue but, luckily, the ‘interviewer’ has a set of instructions to fix the error. Unfortunately, following these instructions simply hands the threat actor access to the victim’s PC, where their crypto wallet is likely to be targeted.

How to Stay Safe on LinkedIn

You may have a LinkedIn account, and even if you don’t, it’s important that you know how to defend against a similar attack. The three main ways you can protect your PC are:

Always Verify Identities: Unsolicited job offers aren’t unusual on LinkedIn or other social networking sites, but this doesn’t mean they’re always legitimate. Therefore, it’s vital that you carry out research on the recruiter’s identity. Start by contacting the company directly – ideally by telephone – through official channels and confirm that the vacancy offer is genuine. This can help prevent you falling victim to fake recruiters.
Check IT Issues with Professionals: Taking technical IT instructions from strangers online is a sure-fire way to open up your PC to an attack. Anything which involves adjusting system settings or installing software should be scrutinized closely. Even if someone asks you to install a new font on your PC, treat it as suspicious. Rather than following through on the advice of an internet stranger, go straight to one of your verified IT professionals for advice.
Keep Security Software Updated: Ensure that your operating system and associated antivirus software is always kept up to date. Installing the latest security patches will always maximize your security in the event of a breach, so automating these updates is your best form of defense.

For more ways to secure and optimize your business technology, contact your local IT professionals .

The 5 Best IT Security Practices to Adopt for 2025

AI, cybercrime, Employee Training, Ophtek, secure IoT, security practices, supply chain security, zero trust architectureAI, cybercrime, IoT, Ophtek, security, Training, ZTAOphtek, LLC

Jan 2025

2025 promises to be an exciting year for businesses, but cybercrime will remain a major threat. That’s why strengthening your cybersecurity is essential.

With the costs of cybercrime expected to hit $10.5 trillion in 2025, it’s evident that tackling cybercrime is a major priority for all businesses. However, it’s easy to become complacent with the quality of your defenses. You may feel that 2024 was a quiet year for you in terms of malware, so why change anything? Well, it’s this complacency that threat actors prey upon. Therefore, you need to constantly evolve your defenses to remain safe.

Start Enhancing Your Cybersecurity Today:

You may be wondering where to start, but this is where Ophtek has your back. We’ve pooled our resources and knowledge to bring you the 5 best IT security practices to adopt in 2025:

Train Your Employees to Stay Safe: Your first line of defense against threat actors remains your employees. If your employees understand the threat of malware then you increase your chances of staying safe. However, if they don’t understand the telltale signs of ransomware and trojans, this manifests itself as a major chink in your armor. You can remedy this by conducting regular training sessions to educate and update your team on all the latest threats. This makes your staff less likely to fall victim to scams and protect your systems.
Use Zero Trust Architecture: Trust is crucial in business, but it can be dangerous when it comes to IT systems. Therefore, adopting a zero trust architecture (ZTA) model can enhance your security practices. ZTA involves enforcing strict identity verification – such as Microsoft Authenticator – and segmenting your networks to restrict access to only those who need it. These practices will minimize the risk of both external and internal threats, optimizing the security of your IT infrastructure.
Secure Your IoT Devices: The number of connected IoT devices is set to grow significantly in the next five years, up to 32.1 billion devices by 2030. Start securing them by checking if any of them are still using default passwords – if they are, change these to strong passwords immediately. It’s also a good idea to segment IoT devices onto separate networks, this limits how far malware can spread through your IT infrastructure in the case of an infection. Finally, make sure that software patches and firmware updates are installed promptly.
Implement AI Cybersecurity: Artificial Intelligence (AI) is increasingly being used to detect and neutralize threats in real time. Capable of analyzing huge amounts of data and identifying unusual activity, AI excels at spotting sophisticated threats before they create a foothold in your networks. This automation allows you to stay ahead of the threat actors and safeguard your systems more effectively than ever. Consequently, exploring options such as IBM’s range of AI tools could make a vast difference to your defenses in 2025.
Maximize Your Supply Chain Security: Threat actors are as innovative as they are dangerous, this is best evidenced by their attempts to target your vendors to gain access to your systems. To keep your business safe, audit the vendors you work with to verify their cybersecurity protocols and compliance. Working closely with your vendors will enable you to limit threat actors exploiting any gaps in security.

For more ways to secure and optimize your business technology, c ontact your local IT professionals.

1 2 3 … 60 Next »

Category Archives: Ophtek