I spent nearly 4 months investigating the inner workings of a North Korean state-sponsored hacking group. Here's what I found:
- The group used generative AI tools to aid in almost every part of their operations.
- They exfiltrated 26,584 cryptocurrency wallets from victim systems, with a combined value totaling as much as $12 million.
- In several cases, the threat actors set up entire front companies to lure in developers via fake job postings, then infected them with malware.
- The threat actors successfully pulled off a supply-chain attack by compromising a VS Code extension developer's system.
🔗 Full article: expel.com/blog/inside-lazarus-…
Inside Lazarus: How North Korea uses AI to industrialize attacks on developers
Expel is tracking a North Korean (DPRK) state-sponsored APT group. This group is targeting Web3 developers to steal cryptocurrency and NFTs.
Marcus Hutchins (Expel)
reshared this

Matthias Ott
in reply to Matthias Ott
Maybe you should have asked your country of geniuses in a vending machine before deploying this… 😉
Danny Boling ☮️
in reply to 🇩🇪 🇺🇦 🇨🇦
@ManyRoads
If I were going to use an AI, I'd want it completely local and under my total control. Can that even be done?
@matthiasott
saxnot ➡️ GPN, RockHarz
in reply to Matthias Ott
The article says on the author's machine it does nothing.
Led By Gilded Fools
in reply to Matthias Ott
Question for the Fediverse: Is the website "That Privacy Guy!" a reboot of "That One Privacy Site" that published the very detailed VPN comparison table?
web.archive.org/web/2017010704…
That One Privacy Site | Detailed VPN Comparison Chart
web.archive.org
Matthias Ott
in reply to Farhan Ahmed
But that stuff was built for password managers etc., not an LLM agent with documented access to your DOM and authenticated sessions. Which is exactly why a vendor should ask for permission.
derptron
in reply to Matthias Ott
in reply to Matthias Ott • • •Only one of these IDs seems to point at anything valid and it's Claude.
Supposedly you can search for the gibberish after chrome-extension:// at the extension store and that extension will pop up. This only works for the second ID in the list.
chromewebstore.google.com/sear…
chromewebstore.google.com/sear…
chromewebstore.google.com/sear…
My guess is that the other two are debug versions or something. They could be doing something nefarious but more likely this is just them being stupid.
Chrome Web Store
chromewebstore.google.com
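Added example, written for this page; it is not code from the thread, from derptron, or from any vendor. It shows what the 32-letter "gibberish" after chrome-extension:// actually is and gives an offline sanity check for a list of such IDs. Everything it relies on is an assumption stated here and in the comments: the ID derivation as I know it from Chromium's crx_file/id_util (SHA-256 over the signing key's DER-encoded SubjectPublicKeyInfo, first 16 bytes, hex digits mapped 0-9a-f to a-p; an unpacked extension without a manifest "key" is hashed the same way from its absolute directory path on POSIX, while Windows lower-cases and hashes the UTF-16 path, which is not modelled), the Web Store search URL shape, and the sample origin list, whose IDs are invented and are not the ones from the thread.

```python
# Added example (not code from the thread or from any vendor): what the
# 32-letter ID after chrome-extension:// is, and a small offline audit of a
# list of such IDs. ASSUMPTIONS (Chromium's crx_file/id_util as I know it,
# not confirmed by the page):
#   * packed (Web Store) extension ID = SHA-256 over the DER-encoded
#     SubjectPublicKeyInfo of the signing key, first 16 bytes, hex-encoded,
#     each hex digit mapped 0-9a-f -> a-p (so IDs use only letters a..p);
#   * an unpacked ("Load unpacked") extension with no "key" in its manifest
#     gets the same hash over its absolute directory path (POSIX: UTF-8
#     bytes; Windows lower-cases and hashes UTF-16, not modelled here).
# The store search URL shape below is also an assumption.
import hashlib
import re

ID_ALPHABET = "abcdefghijklmnop"
_HEX_TO_ID = str.maketrans("0123456789abcdef", ID_ALPHABET)
# Capture any 32-char token so malformed IDs are reported rather than skipped.
_ORIGIN_RE = re.compile(r"chrome-extension://([A-Za-z0-9]{32})\b")
STORE_SEARCH_URL = "https://chromewebstore.google.com/search/"  # assumed shape


def hex_to_id_alphabet(hex_digest: str) -> str:
    """Chromium's ConvertHexadecimalToIDAlphabet: 0-9a-f -> a-p."""
    return hex_digest.lower().translate(_HEX_TO_ID)


def extension_id_from_bytes(data: bytes) -> str:
    """GenerateId(): first 16 bytes of SHA-256, rendered in the a-p alphabet."""
    return hex_to_id_alphabet(hashlib.sha256(data).hexdigest()[:32])


def extension_id_from_key_der(spki_der: bytes) -> str:
    """ID of a packed extension from its manifest "key" (base64-decoded DER)."""
    return extension_id_from_bytes(spki_der)


def extension_id_for_unpacked_path(abs_path: str) -> str:
    """ID Chrome assigns to an unpacked extension with no "key" (POSIX bytes)."""
    return extension_id_from_bytes(abs_path.encode("utf-8"))


def is_wellformed_extension_id(ext_id: str) -> bool:
    """A real ID is exactly 32 characters drawn from a..p and nothing else."""
    return len(ext_id) == 32 and all(ch in ID_ALPHABET for ch in ext_id)


def id_matches_key(ext_id: str, spki_der: bytes) -> bool:
    """Integrity check: does this ID really belong to this signing key?"""
    return is_wellformed_extension_id(ext_id) and extension_id_from_key_der(spki_der) == ext_id


def extract_extension_ids(text: str) -> list[str]:
    """Unique chrome-extension:// IDs found in text, in order of first appearance."""
    ids: list[str] = []
    for match in _ORIGIN_RE.finditer(text):
        if match.group(1) not in ids:
            ids.append(match.group(1))
    return ids


def store_search_url(ext_id: str) -> str:
    """The by-ID store search derptron describes (URL shape assumed)."""
    return STORE_SEARCH_URL + ext_id


def audit_origins(text: str) -> list[tuple[str, bool, str]]:
    """(id, well-formed?, store search URL) per origin in text.

    A well-formed ID that the store search does not know may be an unpacked
    dev build: its ID is a path hash, so it never appears in the store."""
    return [(i, is_wellformed_extension_id(i), store_search_url(i))
            for i in extract_extension_ids(text)]


# Constructed sample list (IDs invented for this example, not the thread's).
SAMPLE_ORIGINS = """
[
  "chrome-extension://abcdefghijklmnopabcdefghijklmnop/",
  "chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/",
  "chrome-extension://zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz/"
]
"""

if __name__ == "__main__":
    for ext_id, ok, url in audit_origins(SAMPLE_ORIGINS):
        print(ext_id, "well-formed" if ok else "MALFORMED (not an a-p hash)", url)
    # Why a debug build's ID is unknown to the store: it is a hash of a path.
    print("unpacked /home/dev/my-extension ->",
          extension_id_for_unpacked_path("/home/dev/my-extension"))
```

The ID is a one-way hash, so nothing can be recovered from it directly; searching the store by ID, as derptron did, is the only cheap way to map it to a listing. An ID that is well-formed but unknown to the store is consistent with an unpacked build installed from a directory, which fits derptron's guess but does not prove it; the `id_matches_key` check is the stronger test when the extension's manifest "key" is available locally.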
froq
in reply to Yazılım Teknisyeni
@yazilim When I check this article's claims against the technical data available, there is currently no official evidence and no credible independent audit showing that Anthropic's Claude Desktop application installs "hidden spyware".
Claims of this kind can usually be traced to the following factors:
* Data collection policies: large language models may obtain consent in their terms of service to process user data, but that does not qualify as (1/3)
froq
in reply to Yazılım Teknisyeni
@yazilim "spying".
* Security risk: installing a program on users' computers without authorization is a serious security vulnerability, and for a large company like Anthropic a breach of that kind would be made public and investigated immediately.
* Copyright notices: some users may misread the automated copyright infringement notices (DMCA) that Anthropic sends out as "spyware".
In summary: in light of the information currently available, this claim is (2/3)
Sebastian Lasse
in reply to Matthias Ott
in reply to Matthias Ott • • •Claude installs spyware?
^ FYI @digitalcourage
PS
bigbrotherawards.de/nominieren
I did already nominate an evil git platform. Anyone else?
Nominieren | BigBrotherAwards
bigbrotherawards.de
masukomi
in reply to Matthias Ott
Confirmed on most of those and Opera too.
George Liquor, American
in reply to Matthias Ott
lolololololol
And these are the AI "good guys," right?
Burn it all down
rich
in reply to Matthias Ott
It saves time.
Zoidberg For President
in reply to Matthias Ott
Burn them all down: the data centers, the billionaires, the tech bros, their allies, the nations, everything.
Fuckin fed up...
Annie G
in reply to Matthias Ott
So, if I understand correctly, this is not so much the fault of the browsers, which are traditionally built to trust this set-up in order to function the way we expect; it's that the Claude desktop install violates an implicit (or is it explicit?) understanding in commercial software that such files/permissions should be disclosed to the user at the time of installation, and require approval. Which means it's really not the fault of the various browsers, whatever one may think of one or another...
It's just Anthropic behaving as expected.
Klingon Sponge
in reply to Matthias Ott
You mean a company in an industry that is fueled by wide-scale content theft can't be trusted!