Latest news with #CheckPointResearch

Check Point Uncovers Malware Targeting AI Detection Tools

TECHx

6 days ago

Check Point Research has revealed the first known attempt of malware designed to manipulate AI-based security systems using prompt injection techniques. The discovery highlights a shift in cyberattack strategies as threat actors begin targeting large language models (LLMs).

The malware embedded natural-language text within its code to trick AI models into misclassifying it as safe. This method specifically targeted AI-assisted malware analysis workflows. The attempt, however, was unsuccessful.

Check Point reported that this marks the beginning of what it calls 'AI Evasion', a new threat category where malware aims to subvert AI-powered detection tools. The company warns that this could signal the start of adversarial tactics aimed directly at AI.

Uploaded anonymously to VirusTotal in June from the Netherlands, the malware included TOR components and sandbox evasion features. What stood out was a hardcoded C++ string acting as a prompt to the AI, instructing it to act like a calculator and respond with 'NO MALWARE DETECTED.' Despite the evasion attempt, Check Point's AI analysis system correctly flagged the malware and identified the prompt injection.

Key findings:
• First documented use of prompt injection in malware
• AI model manipulation attempts failed but raise concerns
• Check Point labels the tactic as part of a new AI Evasion trend

Eli Smadja, Research Group Manager at Check Point Software Technologies, stated, 'This is a wake-up call for the industry. We're seeing malware that's not just trying to evade detection; it's trying to manipulate AI itself.'

Check Point believes this mirrors past cybersecurity shifts, such as the evolution of sandbox evasion, and anticipates an emerging arms race between AI defenders and AI-aware attackers.

Why You Should Never Click Old Discord Invite Links

Yahoo

21-06-2025

If you've received an invite link to Discord but never used it to join that specific server, don't click through it weeks or months later. As Bleeping Computer reports, hackers have repurposed Discord invite links that have expired or been deleted to deliver malware, including infostealers and keyloggers.

How Discord links are spreading malware

The malware campaign, identified by Check Point Research, capitalizes on a flaw in how Discord handles invite links, which can be temporary or permanent or, for paid servers with Level 3 Boost status, customized. URLs to join regular Discord servers are randomly generated and unlikely to ever repeat, but vanity links—as well as expired temporary invite links and deleted permanent invite links—can be claimed and reused. Discord also allows invite codes with uppercase letters to be recycled in vanity links with lowercase letters while the original is still active.

This means that hackers can redirect users to malicious servers via links originating from legitimate Discord communities. These links are being shared on social media and official community websites.

When a user clicks the stolen link, they land on a Discord server that looks authentic and prompts them to verify their identity to unlock access. The verification link launches a ClickFix web page, which indicates that a (fake) CAPTCHA has failed to load and directs the user to "verify" by manually running a Windows command. This executes a PowerShell script, which downloads and installs the malware.

The payload itself may include malicious programs—like AsyncRAT, Skuld Stealer, and ChromeKatz—that allow keylogging, webcam or microphone access, and infostealing to harvest browser credentials, cookies, passwords, Discord tokens, and/or crypto wallet data. According to Check Point's analysis, the malware has numerous features that allow it to evade detection by antivirus tools. The report also notes that while Discord took action to mitigate this specific campaign, the risk of similar bots or alternative delivery methods still exists.

How to avoid malicious Discord links

First and foremost, be wary of old Discord invite links, especially those posted on social media or forums weeks or months back. (Temporary invite URLs on Discord can be set to expire within 30 minutes or up to a default of seven days.) Don't click links from users you don't know and trust, and request a new invite rather than relying on an old one.

You should use caution when engaging with verification requests, especially those that prompt you to copy and run manual commands on your device. ClickFix attacks via fake CAPTCHA requests abound, and any verification that tells you to execute a Run command is not legit.

If you run a Discord server, use permanent invite links, which are harder to steal and repurpose than temporary or custom URLs.

Downloading Minecraft mods? You could be letting hackers into your system

Hindustan Times

20-06-2025

Minecraft fans, if you love trying out new mods, here's something you need to hear. Hackers are now targeting players by hiding malware inside fake Minecraft mods, and it's not just about ruining your game. These fake mods are after your personal data, your logins, and even your crypto wallets. Sounds wild, right? This isn't just a rumour - Check Point Research, a well-known cybersecurity team, has dug into this campaign and shared their findings in a detailed report.

What's really happening?

Cybercriminals have set up a network called Stargazers Ghost Network. Since March 2025, they've been focusing on Minecraft's huge modding community, especially those who look for mods and cheat tools on GitHub. Their method is simple but effective. They upload fake mods that look like popular cheat tools, hoping players will download them without thinking twice. Once you do, the real trouble starts.

How the attack works

These fake mods are written in Java and only work if you already have Minecraft installed. That means they're not just sending this malware out to everyone - they're targeting actual players. When you run one of these mods, it quietly checks if it's on a real computer or just a security lab's virtual machine. If it decides it's safe, it downloads more malware and starts digging through your files.

What can be stolen?

This malware is not picky. It can grab your browser passwords, your Discord and Steam logins, your cryptocurrency wallet details, and even Telegram info. It also takes screenshots and collects details about your computer. All this stolen data is sent out using Discord webhooks, which helps the hackers avoid being detected by regular security tools. The attack is smart enough to avoid virtual machines, so it's clear these hackers know what they're doing.

How big is the problem?

Check Point Research estimates that more than 1,500 Minecraft players have already been affected by this scam since it started. The hackers, who are believed to be from Russia based on clues in their files and their activity times, are using hundreds of GitHub accounts to spread these fake mods. With so many accounts and fake mods floating around, it's easy for even careful players to get caught if they're not paying close attention.

How to keep yourself safe

Only download mods from official sites or creators you trust. Avoid cheat tools and anything that promises shortcuts or unrealistic features. Keep your computer and antivirus software updated at all times. If a download feels suspicious, just skip it. It's not worth the risk.

Minecraft is about creativity and having fun, but hackers are always looking for new ways to spoil the party. This campaign is a reminder that even in gaming, you need to be careful about what you download and where you get it from. Always double-check your sources, and don't let anyone mess with your game or your data. So next time you're searching for that cool new mod, remember this warning.

First Published Date: 20 Jun, 17:49 IST

All 200 million Minecraft players risk having money stolen in seconds in 'undetected' attack – avoid common game mistake

The Irish Sun

20-06-2025

MILLIONS of Minecraft players are at risk of having their sensitive information stolen in the recent "undetected" attack. All 200 million users could have their money stolen after research has uncovered a "malicious" campaign.

Check Point Research has revealed through their investigation that Minecraft users are being targeted through mods. The popular game allows players creative freedom via mods, which are additions to a game made by fans. Minecraft players can download mods to enhance their gaming experience but they have to be careful. When you install a new mod, you could be inviting a virus onto your computer.

According to Check Point Research, a large-scale malicious campaign has been targeting mods to infect people's devices. The malware has been spread through the Minecraft modding system as well as GitHub. A network of GitHub accounts, dubbed Stargazers Ghost Network, has been impersonating the popular cheats and scripts 'Oringo' and 'Taunahi'. They provided mods which appeared legitimate as multiple accounts starred them.

The first and second stages of the attack are developed in Java and can only be executed if the host computer has the Minecraft runtime. These files would then carry out a "multi-stage attack" to breach systems and steal victims' personal information.

Since March 2025, Check Point Research has been attempting to monitor these "malicious GitHub repositories." The malware has gone undetected by all antivirus engines on VirusTotal as it is specifically targeted at Minecraft users.

Their research listed all the information that may be stolen, including private conversations sent through Discord, cryptocurrency wallets, browser logins, and much more. Gamers have been warned to exercise caution when downloading third-party content.

It comes after a colossal leak exposed as many as 16 billion logins for Apple, Facebook and Google users. It's one of the largest data breaches in history, giving hackers "unprecedented access" to your personal info and online accounts, experts warn. Logins for Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub and various government services in more than 29 countries, including the UK and US, have also been affected.

All 200 million Minecraft players risk having money stolen in seconds in 'undetected' attack – avoid common game mistake

The Sun

20-06-2025

MILLIONS of Minecraft players are at risk of having their sensitive information stolen in the recent "undetected" attack. All 200 million users could have their money stolen after research has uncovered a "malicious" campaign.

Check Point Research has revealed through their investigation that Minecraft users are being targeted through mods. The popular game allows players creative freedom via mods, which are additions to a game made by fans. Minecraft players can download mods to enhance their gaming experience but they have to be careful. When you install a new mod, you could be inviting a virus onto your computer.

According to Check Point Research, a large-scale malicious campaign has been targeting mods to infect people's devices. The malware has been spread through the Minecraft modding system as well as GitHub. A network of GitHub accounts, dubbed Stargazers Ghost Network, has been impersonating the popular cheats and scripts 'Oringo' and 'Taunahi'. They provided mods which appeared legitimate as multiple accounts starred them.

The first and second stages of the attack are developed in Java and can only be executed if the host computer has the Minecraft runtime. These files would then carry out a "multi-stage attack" to breach systems and steal victims' personal information.

Since March 2025, Check Point Research has been attempting to monitor these "malicious GitHub repositories." The malware has gone undetected by all antivirus engines on VirusTotal as it is specifically targeted at Minecraft users.

Their research listed all the information that may be stolen, including private conversations sent through Discord, cryptocurrency wallets, browser logins, and much more. Gamers have been warned to exercise caution when downloading third-party content.

It comes after a colossal leak exposed as many as 16 billion logins for Apple, Facebook and Google users. It's one of the largest data breaches in history, giving hackers "unprecedented access" to your personal info and online accounts, experts warn. Logins for Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub and various government services in more than 29 countries, including the UK and US, have also been affected.