#067 - Cyber AI Chronicle - AI meets cyber criminals: Fake tools, deepfake and CPU ransomware looms

PRESENTED BY

Cyber AI Chronicle

By Simon Ganiere · 18^th May 2025

Welcome back!

Apologies for the delay in the delivery of this newsletter, it’s been a busy week with some work travel and also a lot of family activities during the week-end.

It was also a busy week in the threat landscape, the AI world and the intersection between the two!

Enjoy the read and see you next week!

Threat actors are using fake AI-powered tools as a lure to entice users into downloading the Noodlophile information stealer malware. The malware, which targets users interested in AI tools for video and image editing, has been distributed through Facebook groups and viral social media campaigns. The infection chain involves downloading a malicious ZIP archive, which launches a legitimate binary to run a .NET-based loader and ultimately deploys the Noodlophile Stealer » READ MORE

The FBI warns of a malicious campaign targeting former senior US government officials using deepfake text and voice messages. The campaign, employing smishing and vishing techniques, aims to harvest credentials or deliver malware. The FBI advises verifying message authenticity, refraining from sharing sensitive information, and using multi-factor authentication. » READ MORE

Semantic steganography, or “Large Language Command & Control,” uses natural language to encrypt and transmit malicious code, bypassing traditional detection methods like YARA rules and antivirus software. This technique, leveraging large language models, allows for the creation of seemingly benign text that can be dynamically generated and difficult to identify as malicious » READ MORE

Airtel, one if India leading Telco, launched an AI-driven fraud detection system to identify and block malicious websites across all communication platforms in real time. The system, automatically enabled for all Airtel users, aims to protect consumers from online scams by filtering malicious domains across emails, web browsers, SMS messages, and popular OTT apps » READ MORE

MAESTRO, an agentic AI threat modeling framework, addresses gaps in existing frameworks related to autonomy, machine learning, interaction, and system-level aspects of AI. It utilizes a 7-layer reference architecture, including foundation models, data operations, agent frameworks, deployment, and infrastructure, to identify unique threats and risks. The framework helps practitioners understand and mitigate vulnerabilities in agentic AI architectures » READ MORE

The CVE MCP Project is a robust server designed to retrieve detailed CVE information from the CVE API hosted by MITRE. It provides users with comprehensive vulnerability data, including descriptions, CWEs, CVSS scores, and more, all in one place. » READ MORE

IBM released a whitepaper, highlighting how autonomous AI systems are poised to revolutionise the financial services sector while emphasising the critical need for responsible implementation and risk management frameworks. » READ MORE

OpenAI on Friday, May 16, introduced a new AI tool called Codex that is designed to handle multiple software engineering-related tasks at the same time, from generating code for new features to answering questions about a user’s codebase, fixing bugs, and suggesting pull requests for code review. The cloud-based, AI agent-driven coding tool runs these tasks in its own cloud sandbox environment that has been preloaded with a user’s code repository. Codex has been released as a research preview and is available for ChatGPT Enterprise and Pro users, access will be extended to the rest of the users later » READ MORE

Austrian privacy non-profit noyb sent Meta a cease-and-desist letter, threatening a class-action lawsuit over Meta’s plans to train AI models on E.U. user data without explicit opt-in consent. Noyb argues Meta’s reliance on “legitimate interest” to collect data violates GDPR and that other AI providers achieve better results without social network data. Meta rejects noyb’s arguments, asserting they have provided a clear opt-out option for E.U. users. » READ MORE

Artificial Intelligence (AI), particularly generative AI (GenAI), will significantly impact the labor market, automating tasks and creating new ones. While some occupations may be displaced, AI’s widespread adoption and productivity gains will likely lead to job creation and higher real wages. A scenario-based approach, considering incremental and profound change, helps understand AI’s potential effects on employment, wages, and productivity. » READ MORE

FTC Chair Andrew Ferguson stated the agency will not regulate AI until problems arise, emphasizing the importance of avoiding stifling innovation. He highlighted the need to protect American entrepreneurship from over-regulation and signaled the FTC’s commitment to addressing unlawful conduct related to privacy and data security. » READ MORE

Klarna, a financial tech startup, regrets replacing its human workers with AI. The company found that AI-generated content was of lower quality and that customers preferred interacting with human agents. The article also mentions that other companies are also facing similar issues with AI, with many realizing that AI is not yet ready to replace human workers in all tasks » READ MORE

Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers. Coinbase is cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand it received. Instead Coinbase is establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack » READ MORE

Hackers breached nearly 5,000 Japanese financial accounts, conducting unauthorized trades totaling nearly $2 billion. The Financial Services Agency reported a significant increase in such incidents, with hackers using stolen login information to manipulate stock prices and profit from inflated values. » READ MORE

The BBC seems to have confirmation that the M&S hack occurred via a third party. This is not confirmed by M&S but this won’t be a huge surprise if it is true. The attack seems to be devastating and the recovery seems to be a challenge as M&S has still not resume its online shopping. M&S has also confirmed that some customers data has been leaked » READ MORE

the possibility of CPU ransomware, a new and potentially devastating form of cyber attack. The article highlights that this type of ransomware would operate at the hardware level, bypassing traditional security measures like antivirus software. The article concludes by emphasizing the importance of basic cybersecurity practices, such as using strong passwords and enabling multi-factor authentication. » READ MORE

Till next time!

Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.