Cyber Threats of the Week: From AI Browser Vulnerabilities to LinkedIn Phishing and Wi-Fi Traffic Theft

We have compiled the most significant cybersecurity news from the past week.

The BTCFi protocol from Garden Finance appears to have fallen victim to a cross-chain hack amounting to over $10.8 million, according to blockchain investigator ZachXBT. Previously, the expert noted that the project might be involved in laundering funds stolen from the hacks of Bybit and Swissborg.

«It’s ironic that just a few days ago, I mentioned on X that Garden Finance had ignored victims by refusing to return fees, despite more than 25% of their activity being related to stolen funds,» the analyst remarked.

An address associated with the project team sent an on-chain message to the alleged hacker, promising a reward of 10% of the stolen funds.

The Ukrainian Cyber Police, together with the police of the Vinnytsia region and the Security Service of Ukraine (SBU), have uncovered the organizers of a cryptocurrency fraud scheme. According to law enforcement, two local residents disseminated information about exchanging digital assets and their «legitimacy checks» via Telegram channels, using social engineering tactics to embezzle victims’ funds.

Among the victims was a German national who lost 60,000 USDT to the fraudsters. During the raids, approximately $60,000 in cash, 48,000 hryvnias, two cars, computer equipment, bank cards, SIM cards, notes, and other evidence were seized. The pre-trial investigation is ongoing.

On October 27, researchers from LayerX disclosed a critical vulnerability in OpenAI’s new AI browser, Atlas. The flaw allows attackers to inject malicious instructions into ChatGPT’s persistent memory and, through them, to execute arbitrary code.

The attack relies on cross-site request forgery (CSRF). An attacker induces the victim’s browser, which is already logged into ChatGPT, to send a hidden request that alters the chatbot’s stored memory. When the tainted memory is later acted on, it could give the attacker control over the victim’s account, browser, or system.

Prompt injection is a particular risk in Atlas because the browser keeps users in a persistently authenticated session and ships with minimal built-in anti-phishing protection. Testing showed that Atlas blocks only about 5.8% of phishing attacks, while Chrome and Edge block approximately 50%.

Analysts note that the flaw affects not only Atlas but any browser with access to ChatGPT. The tainted memory is tied to the account and can «follow» the user across devices and software.

Hackers have started leveraging LinkedIn for phishing attacks targeting executives in financial companies, as reported by specialists from Push Security in their blog. The scammers send personal messages that mimic invitations to join an investment fund’s board of directors, aiming to steal victims’ Microsoft credentials.

Clicking the link takes the user through a chain of redirects. When the fake site, which purports to show documents describing the board role, opens, victims are prompted to click a «View with Microsoft» button. After completing a Cloudflare captcha, a counterfeit login page appears, designed to steal usernames and passwords.

A team of German cybersecurity researchers from KASTEL Security Research Labs has identified a new method of identifying people by intercepting Wi-Fi traffic, termed BFId. In an experiment with 197 participants, the method achieved an identification accuracy of 99.5%.

The method analyzes the unique distortions that a walking person introduces into Wi-Fi signals, capturing rhythm, speed, and body movement, and from these builds a unique «radio frequency fingerprint» of the individual.

According to the researchers, the BFId attack still identifies individuals when they change their walking style, wear a backpack, or speed up their pace. The underlying issue lies in beamforming feedback information (BFI), a mechanism introduced in the Wi-Fi 5 standard to improve network performance: stations send this feedback back to the access point as broadcast, unencrypted frames. The issue is present in Wi-Fi 5 and Wi-Fi 6 and likely persists in the latest Wi-Fi 7.

Experts noted that currently, there is no straightforward and reliable method for protection.

Researchers at Datadog Security Labs reported a new phishing scheme named CoPhish. This scheme employs legitimate Microsoft Copilot Studio services to harvest credentials. Scammers create fake Copilot agents and send links leading to counterfeit login pages.

According to the researchers, victims who enter their credentials unknowingly hand the attackers a session authorization token, giving them access to the account. The attack is particularly dangerous for Microsoft 365 and Entra ID administrators, since they can consent to application permissions without further review.

In a comment to Bleeping Computer, Microsoft acknowledged the issue and promised to address it in upcoming updates. The company emphasized that the attack relies on social engineering and urged users to restrict administrator rights on devices and to review access requests carefully.

Datadog recommended organizations disable user application creation, tighten OAuth access policies, and monitor agent creation in Copilot Studio to prevent similar attacks.
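Two of the Entra ID settings behind Datadog’s first two recommendations can be audited and tightened from PowerShell. The script below is an added example, not Datadog’s or Microsoft’s code; it assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in account holds the Policy.ReadWrite.Authorization scope, and that moving the tenant to the «verified publishers, low-impact permissions» consent policy is the desired end state.

```powershell
# Added example (not Datadog's or Microsoft's code). Assumes the Microsoft.Graph SDK
# and an account allowed to read and write the tenant authorization policy.
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization" | Out-Null

# The authorization policy is a singleton; the default-user permissions live inside it.
$policy = Get-MgPolicyAuthorizationPolicy
$perms  = $policy.DefaultUserRolePermissions

# 1. Can ordinary users register their own applications? (Datadog: this should be off)
$canCreateApps = $perms.AllowedToCreateApps

# 2. Which consent policy applies to ordinary users?
#    ...microsoft-user-default-legacy : users may consent to any app and any permission (weak)
#    ...microsoft-user-default-low    : only verified publishers, low-impact permissions
#    empty list                        : user consent disabled; admins review every request
$consentPolicies = @($perms.PermissionGrantPoliciesAssigned)
$legacyPolicy    = "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"
$lowRiskPolicy   = "ManagePermissionGrantsForSelf.microsoft-user-default-low"

Write-Host "Users may create apps : $canCreateApps"
Write-Host "User consent policies : $($consentPolicies -join ', ')"

$weak = $canCreateApps -or ($consentPolicies -contains $legacyPolicy)

if ($weak) {
    Write-Host "Weak settings found; applying the hardened configuration."
    # Single write: block self-service app registration and restrict user consent.
    Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
        AllowedToCreateApps              = $false
        PermissionGrantPoliciesAssigned  = @($lowRiskPolicy)
    }
} else {
    Write-Host "Settings already meet the recommendation; no change made."
}
```

Replace `@($lowRiskPolicy)` with `@()` to disable user consent entirely and route every request through the admin consent workflow, which is the stricter option where administrators are the targeted population.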