Forget scare tactics—new research from OALabs Research shows that bad actors are looking to “annoy” their way into obtaining the Google Chrome log-in credentials of their next victims.

According to a Sept. 11 research note, hackers are using a new attack technique alongside information stealing malware to force victims into coughing up their Google account password.

What’s the magic (pass)word? The technique is mainly deployed through Amadey malware, which uses an AutoIt script to launch an individual’s browser in kiosk mode—a setting that restricts their device to running a single application in full-screen mode, similar to a self-service kiosk—and direct them to the login page of a targeted service. While in kiosk mode, the Escape and F11 keyboard keys, which would bypass full-screen mode under normal circumstances, become disabled.

“This tactic annoys the victim into entering their credentials in an attempt to close the window,” the researchers wrote. “Once the credentials are entered, they are stored in the browser’s credential store on disk and can be stolen using stealer malware, which is deployed along with the credential flusher.”

OALab researchers claim that the technique has been used by hackers since August of this year in “conjunction” with StealC, a credential stealing malware.

Read the rest here.—BM

Your IT might be holding you back from truly effective AI. What are you doing so your IT is able to support it? Optimize your technology and operations to support AI workloads through automation and AI-ready, hybrid cloud infrastructure with IBM. IBM can help you maximize the value of your own data while meeting your technology and compute needs across multiple cloud and on-premise environments to fuel AI.

Unite your IT to unleash AI across your business by:

• simplifying technology management and operations with automation
• unlocking more ROI from your IT estate to drive AI initiatives
• building a data and AI-ready IT infrastructure

Get started.

Threat actors are using well-known retail brand names to carry out a number of cryptocurrency scams, and the number of fraudulent attacks is increasing.

That’s according to new research from cybersecurity company DomainTools. Its CISO Daniel Schwalbe told IT Brew that it discovered the scams after detecting a fraud site through one of its monitoring tools.

“We ended up finding 5,000+ domains that were all related to this,” Schwalbe said.

Break it down. The resulting report details the three main “clusters” of scam attacks they detected:

• E-commerce domain fraud. This is when attackers use dummy sites that appropriate the appearance of established retail web pages to gain unsuspecting customer trust. They use these sites to draw traffic and commit fraud, taking customer money for items that don’t exist.
• Brand impersonation. Using familiar looking sites with urls that don’t quite line up—like “amazon2000.com” and “amazon300.com,” for example—attackers lure in desperate people with promises of making money through the fake outlet. Users are told to invest in crypto as a part of the scam and to recruit other potential victims.
• Crop of imitators. The success of the first two clusters has led to copycats. Using different domains, attackers leverage brand reliability to engage in crypto scams.

Unethical approach. All the scams are using consumer trust to manipulate users. But taking advantage of people who are in dire straits is particularly vicious, Schwalbe told IT Brew.

Read more here.—EH

What’s the difference between a standard deviation and a variance?

If you don’t know, Babson College has the bot for you, and for the undergrads in Fundamentals of Business Analytics I.

“In some sense, the MathBot is just a supercharged collection of textbooks with a really fancy index,” Nathan Karst, a professor of applied mathematics, department chair, and campus facilitator of generative-AI pilots like MathBot, told IT Brew.

A class act. “Fundamentals” instructor Professor George Recck feels his class is the right fit for a tech tryout—a course that often references open-source material, but is “not quite x equals six,” he said. Probability and statistical models may provide undergrads with individual data points, but students have to interpret: “Does this number make sense?”

The computational model, built on Microsoft Azure and using GPT 4, pulls from around 10 open-source textbooks to answer questions like: “Define linear regression,” “What is a scatter plot,” and a follow-up like, “When would a scatter plot show a linear relationship?”

For the clueless who have no idea that a scatter plot is a graph representing the relationship between two sets of data—obviously—the MathBot provides concise answers, with citations to the referred-to textbook and links to the textbook page. The output provides potential assurance for the nervous newcomer on campus who may not want to attend office hours or ask a question in class, Recck said.

Keep reading here.—BH

Transforming enterprises from the inside out. Join Forrester and top software providers to learn how AI is transforming operations. Discover implementation strategies, ROI analysis, and performance-boosting tools for the C-suite. Join now.