Latest news with #VirusTotal

Check Point Uncovers Malware Targeting AI Detection Tools

TECHx

3 days ago

Check Point Research has revealed the first known attempt of malware designed to manipulate AI-based security systems using prompt injection techniques. The discovery highlights a shift in cyberattack strategies as threat actors begin targeting large language models (LLMs).

The malware embedded natural-language text within its code to trick AI models into misclassifying it as safe. This method specifically targeted AI-assisted malware analysis workflows. The attempt, however, was unsuccessful.

Check Point reported that this marks the beginning of what it calls 'AI Evasion', a new threat category where malware aims to subvert AI-powered detection tools. The company warns that this could signal the start of adversarial tactics aimed directly at AI.

Uploaded anonymously to VirusTotal in June from the Netherlands, the malware included TOR components and sandbox evasion features. What stood out was a hardcoded C++ string acting as a prompt to the AI, instructing it to act like a calculator and respond with 'NO MALWARE DETECTED.' Despite the evasion attempt, Check Point's AI analysis system correctly flagged the malware and identified the prompt injection.

Key findings:

  • First documented use of prompt injection in malware
  • AI model manipulation attempts failed but raise concerns
  • Check Point labels the tactic as part of a new AI Evasion trend

Eli Smadja, Research Group Manager at Check Point Software Technologies, stated, 'This is a wake-up call for the industry. We're seeing malware that's not just trying to evade detection, it's trying to manipulate AI itself.'

Check Point believes this mirrors past cybersecurity shifts, such as the evolution of sandbox evasion, and anticipates an emerging arms race between AI defenders and AI-aware attackers.

All 200 million Minecraft players risk having money stolen in seconds in ‘undetected' attack – avoid common game mistake

Scottish Sun

20-06-2025

Millions of Minecraft players are at risk of having their sensitive information stolen in the recent "undetected" attack. All 200 million users could have their money stolen after research uncovered a "malicious" campaign.

Check Point Research has revealed through its investigation that Minecraft users are being targeted through mods. The popular game allows players creative freedom via mods, which are additions to a game made by fans. Minecraft players can download mods to enhance their gaming experience, but they have to be careful. When you install a new mod, you could be inviting a virus onto your computer.

According to Check Point Research, a large-scale malicious campaign has been targeting mods to infect people's devices. The malware has been spread through the Minecraft modding system as well as GitHub. A network of GitHub accounts, dubbed Stargazers Ghost Network, has been impersonating popular cheats and scripts 'Oringo and Taunahi'. They provided mods which appeared legitimate as multiple accounts starred them.

The first and second stages of the attack are developed in Java and can only be executed if the host computer has the Minecraft runtime. These files would then carry out a "multi-stage attack" to breach systems and steal victims' personal information.

Since March 2025, Check Point Research has been attempting to monitor these "malicious GitHub repositories." The malware has gone undetected by all antivirus engines on VirusTotal as it is specifically targeted at Minecraft users. The research listed all the information that may be stolen, including private conversations sent through Discord, cryptocurrency wallets, browser logins, and much more. Gamers have been warned to exercise caution when downloading third-party content.

It comes after a colossal leak exposed as many as 16 billion logins for Apple, Facebook and Google users. It's one of the largest data breaches in history, giving hackers "unprecedented access" to your personal info and online accounts, experts warn. Logins for Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub and various government services in more than 29 countries, including the UK and US, have also been affected.

All 200 million Minecraft players risk having money stolen in seconds in ‘undetected' attack – avoid common game mistake

The Irish Sun

20-06-2025


Galileo FX Passes Independent Security Audits Across Industry-Leading Platforms

Yahoo

27-05-2025

  • Business

NEW YORK, May 27, 2025 /PRNewswire/ -- Galileo FX, the automated trading software currently used by more than 13,500 traders worldwide, has received clean safety certifications from the web's most respected threat detection systems.

As questions around the reliability of trading bots continue to dominate the conversation, Galileo FX's independent verification across major cybersecurity engines signals something rare in this space: a system that holds up under scrutiny.

VirusTotal, a platform used by Google and the broader cybersecurity industry, scanned Galileo FX's domain across 97 threat intelligence engines. None flagged it. URLVoid, another aggregation platform pulling data from 39 engines monitoring for malware, phishing attempts, and suspicious behavior, also found no red flags. Norton's SafeWeb analysis confirms the domain is free of any deceptive, harmful, or unwanted activity.

What does this mean in practice? For users, it means the software they're downloading and installing isn't just performing in the markets: it's cleared by the same systems that banks, browsers, and antivirus vendors rely on to protect against digital threats. It means the site and the software aren't secretly hiding tracking layers, malware, phishing scripts, or backdoors. And it means users can install and operate Galileo FX with a baseline of technical confidence that most other trading tools never reach.

In a category crowded with disposable bots and short-lived projects, a verified clean record implies something more foundational: that the company behind the product took time to build infrastructure that resists not only cyber risks but reputational collapse.

Most trading bots won't pass these scans. Galileo FX does. It's a small but significant detail: often overlooked by users, but never overlooked by search engines, operating systems, or ad networks. It's the difference between operating in plain sight versus being quietly suppressed by automated trust systems.

This verified trust profile is part of a broader pattern. Galileo FX operates without venture backing or affiliate programs. Its performance results are made public through third-party verification. And its growing base of global users continues to apply its pre-built strategies (some conservative, some aggressive) with clear visibility into risk and reward. These strategies are updated weekly, tested on live markets, and are available for download.

For verification details and performance data, visit:

SOURCE Galileo FX

Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails

Yahoo

22-04-2025

A ransomware gang is channeling Elon Musk's Department of Government Efficiency by taunting victims with ransom notes that demand to know what they've "accomplished for work" in the last week.

The FOG ransomware group has been distributing the DOGE-themed notes in recent weeks, according to malware samples that cybersecurity vendor Trend Micro discovered on the file-scanning service VirusTotal. 'We observed that these samples initially dropped a note containing key names related to the Department of Government Efficiency (DOGE),' Trend Micro says.

The ransom notes also allude to Edward Coristine, who uses the online alias 'Big Balls.' He reportedly has a history with cybercriminal groups, but was still appointed to Musk's DOGE team. A separate cybersecurity firm, Cyble, spotted the same attack generating a pop-up on computers that says 'DOGE BIG BALLS RANSOMWARE.'

The FOG ransomware gang appears to be spreading its attack through phishing emails with an attachment titled "Pay If opened, the attachment will download and execute a PowerShell script designed to load the ransomware loader in " along with other malicious programs. 'It also opens politically themed YouTube videos and includes written political commentary directly in the script,' Trend Micro notes.

The attack is designed to gather data on the victim's PC before encrypting the files and then leaving a ransom note demanding the victim pay approximately $1,000 in the Monero cryptocurrency.

According to Cyble, the ransom note, titled introduces the threat actor as 'Edward Coristine,' and lists his purported home address and phone number. The note then echoes Elon Musk's recent emails to federal workers and demands that victims justify their productivity by listing their weekly accomplishments.

'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars,' the ransom note from the FOG gang says.

'The use of Coristine's name and the 'DOGE' reference in the ransomware could be a tactic to malign him and the DOGE initiative,' Cyble adds.

In the ransom note, the FOG group also claims they'll decrypt the files for free, but only if the victim spreads the ransomware attack to another victim.

'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro warns. The gang claims to have attacked over 100 victims, including organizations in the education, manufacturing, and transportation sectors, since January.

Meanwhile, the official "what did you do this week" emails from DOGE are reportedly a bust. The Washington Post reports that the Office of Personnel Management basically told HR officials across the government that the emails are voluntary and that the agency didn't plan to do anything with the emails that were submitted.
