CRIL Uncovers ShadowHS: Fileless Linux Post-Exploitation Framework Built for Stealthy Long-Term Access

 

Operating entirely in system memory, Cyble Research & Intelligence Labs (CRIL) uncovered ShadowHS, a Linux post-exploitation toolkit built for covert persistence after an initial breach. Instead of dropping binaries on disk, it runs filelessly, helping it bypass standard security checks and leaving minimal forensic traces. ShadowHS relies on a weaponized version of hackshell, enabling attackers to maintain long-term remote control through interactive sessions. This fileless approach makes detection harder because many traditional tools focus on scanning stored files rather than memory-resident activity. 

CRIL found that ShadowHS is delivered using an encrypted shell loader that deploys a heavily modified hackshell component. During execution, the loader reconstructs the payload in memory using AES-256-CBC decryption, along with Perl byte skipping routines and gzip decompression. After rebuilding, the payload is executed via /proc//fd/ with a spoofed argv[0], a method designed to avoid leaving artifacts on disk and evade signature-based detection tools. 

Once active, ShadowHS begins with reconnaissance, mapping system defenses and identifying installed security tools. It checks for evidence of prior compromise and keeps background activity intentionally low, allowing operators to selectively activate functions such as credential theft, lateral movement, privilege escalation, cryptomining, and covert data exfiltration. CRIL noted that this behavior reflects disciplined operator tradecraft rather than opportunistic attacks. 

ShadowHS also performs extensive fingerprinting for commercial endpoint tools such as CrowdStrike, Tanium, Sophos, and Microsoft Defender, as well as monitoring agents tied to cloud platforms and industrial control environments. While runtime activity appears restrained, CRIL emphasized the framework contains a wider set of dormant capabilities that can be triggered when needed. 

A key feature highlighted by CRIL is ShadowHS’s stealthy data exfiltration method. Instead of using standard network channels, it leverages user-space tunneling over GSocket, replacing rsync’s default transport to move data through firewalls and restrictive environments. Researchers observed two variants: one using DBus-based tunneling and another using netcat-style GSocket tunnels, both designed to preserve file metadata such as timestamps, permissions, and partial transfer state. 

The framework also includes dormant modules for memory dumping to steal credentials, SSH-based lateral movement and brute-force scanning, and privilege escalation using kernel exploits. Cryptomining support is included through tools such as XMRig, GMiner, and lolMiner. ShadowHS further contains anti-competition routines to detect and terminate rival malware like Rondo and Kinsing, as well as credential-stealing backdoors such as Ebury, while checking kernel integrity and loaded modules to assess whether the host is already compromised or under surveillance.

CRIL concluded that ShadowHS highlights growing challenges in securing Linux environments against fileless threats. Since these attacks avoid disk artifacts, traditional antivirus and file-based detection fall short. Effective defense requires monitoring process behavior, kernel telemetry, and memory-resident activity, focusing on live system behavior rather than static indicators.
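The behaviour-based checks this points to can be sketched as follows. This is an added example, not code from CRIL or from the framework: it flags processes whose executable is not a file on disk, whose arguments name a `/proc` file-descriptor path, or whose argv[0] does not match the real executable. The three heuristics are generic fileless-execution signals rather than ShadowHS indicators, and the `ProcInfo` records in `SAMPLES` are constructed.

```python
"""Heuristics for fileless execution on Linux, evaluated on /proc data."""
import os
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# An argument that names an open descriptor instead of a file on disk.
FD_PATH = re.compile(r"^/(?:proc/(?:self|\d+)/fd|dev/fd)/\d+$")
DELETED = " (deleted)"


@dataclass
class ProcInfo:
    pid: int
    exe: str         # target of the /proc/<pid>/exe symlink ("" if unreadable)
    argv: List[str]  # /proc/<pid>/cmdline split on NUL bytes


def exe_name(exe: str) -> str:
    if exe.endswith(DELETED):
        exe = exe[: -len(DELETED)]
    return os.path.basename(exe)


def argv0_name(argv0: str) -> str:
    # "-bash" is a login shell; "sshd: user@pts/0" is a rewritten process title.
    token = re.split(r"[ :]", argv0.lstrip("-"), maxsplit=1)[0]
    return os.path.basename(token)


def findings(p: ProcInfo) -> List[str]:
    """Return the heuristics a process trips; an empty list means none."""
    out: List[str] = []
    if not p.argv:  # kernel thread or zombie: nothing to compare
        return out
    # memfd-backed or unlinked binaries. Note that "(deleted)" also appears
    # for legitimate daemons that kept running across a package upgrade.
    if p.exe.startswith("/memfd:") or p.exe.endswith(DELETED):
        out.append("exe-not-on-disk")
    # An interpreter that was handed a descriptor path as its script.
    if any(FD_PATH.match(a) for a in p.argv[1:]):
        out.append("runs-from-fd-path")
    # argv[0] is caller-controlled; the exe link is not. The prefix test
    # tolerates versioned names such as python3 -> python3.11.
    a, e = argv0_name(p.argv[0]), exe_name(p.exe)
    if p.exe and not (a and e.startswith(a)):
        out.append("argv0-mismatch")
    return out


def read_proc(pid: int, root: str = "/proc") -> ProcInfo:
    base = os.path.join(root, str(pid))
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = ""  # kernel thread, exited process, or no permission
    try:
        with open(os.path.join(base, "cmdline"), "rb") as fh:
            raw = fh.read().rstrip(b"\0")
    except OSError:
        raw = b""
    argv = [a.decode("utf-8", "replace") for a in raw.split(b"\0")] if raw else []
    return ProcInfo(pid, exe, argv)


def scan(root: str = "/proc") -> Iterator[Tuple[ProcInfo, List[str]]]:
    """Walk a live /proc and yield every process with at least one finding."""
    for name in os.listdir(root):
        if name.isdigit():
            info = read_proc(int(name), root)
            hits = findings(info)
            if hits:
                yield info, hits


# Constructed sample records (not taken from any real host or report).
SAMPLES = [
    ProcInfo(812, "/usr/sbin/sshd", ["sshd: deploy@pts/0"]),
    ProcInfo(990, "/usr/bin/python3.11", ["python3", "/opt/app/worker.py"]),
    ProcInfo(1440, "/usr/bin/bash", ["-bash"]),
    ProcInfo(2301, "/usr/bin/bash", ["[kworker/0:1]", "/proc/2290/fd/3"]),
    ProcInfo(2377, "/memfd:x (deleted)", ["/usr/sbin/cron"]),
]

if __name__ == "__main__":
    for proc in SAMPLES:
        print(proc.pid, findings(proc))
```

On its own, `argv0-mismatch` is noisy (symlinked shells, multi-call binaries), so treat it as corroboration for one of the other two signals rather than as an alert.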

Malicious Chrome Extensions Hijack Affiliate Links and Steal ChatGPT Tokens

 

Cybersecurity researchers have uncovered an alarming surge in malicious Google Chrome extensions that hijack affiliate links, steal sensitive data, and siphon OpenAI ChatGPT authentication tokens. These deceptive add-ons, masquerading as handy shopping aids and AI enhancers, infiltrate the Chrome Web Store to exploit user trust. Disguised tools like Amazon Ads Blocker from "10Xprofit" promise ad-free browsing but secretly swap creators' affiliate tags with the developer's own, robbing influencers of commissions across Amazon, AliExpress, Best Buy, Shein, Shopify, and Walmart.

Socket Security identified 29 such extensions in this cluster, uploaded as recently as January 19, 2026, which scan product URLs without user interaction to inject tags like "10xprofit-20." They also scrape product details to attacker servers at "app.10xprofit[.]io" and deploy fake "LIMITED TIME DEAL" countdowns on AliExpress pages to spur impulse buys. Misleading store listings claim mere "small commissions" from coupons, violating policies that demand clear disclosures, user consent for injections, and single-purpose designs.

Broadcom's Symantec separately flagged four data-thieving extensions with over 100,000 installs, including Good Tab, which relays clipboard access to "api.office123456[.]com," and Children Protection, which harvests cookies, injects ads, and executes remote JavaScript. DPS Websafe hijacks searches to malicious sites, while Stock Informer exposes users to an old XSS flaw (CVE-2020-28707). Researchers Yuanjing Guo and Tommy Dong stress caution even with trusted sources, as broad permissions enable unchecked surveillance.

LayerX exposed 16 coordinated "ChatGPT Mods" extensions—downloaded about 900 times—that pose as productivity boosters like voice downloaders and prompt managers. These inject scripts into chatgpt.com to capture session tokens, granting attackers full account access to conversations, metadata, and code. Natalie Zargarov notes this leverages AI tools' high privileges, turning trusted brands into deception vectors amid booming enterprise AI adoption.

Compounding risks, the "Stanley" malware-as-a-service toolkit, sold on Russian forums for $2,000-$6,000, generates note-taking extensions that overlay phishing iframes on bank sites while faking legitimate URLs. Premium buyers get Chrome Store approval guarantees and C2 panels for victim management; it vanished January 27, 2025, post-exposure but may rebrand. Varonis' Daniel Kelley warns browsers are now prime endpoints in BYOD and remote setups.

Users must audit extensions for mismatched features, excessive permissions, and vague disclosures—remove suspects via Chrome settings immediately. Limit installs to verified needs, favoring official apps over third-party tweaks. As e-commerce and AI extensions multiply, proactive vigilance thwarts financial sabotage and data breaches in this evolving browser battlefield.

BadIIS Malware Used in Coordinated Attacks on Asian Web Servers


 

By the spring of 2025, a quiet, methodical campaign was unfolding across parts of Asia's web infrastructure, one that relied not on loud disruption or overt destruction but on subtle manipulation of trust.

Cisco Talos researchers have found evidence that a Chinese-speaking threat group tracked as UAT-8099 has been systematically infiltrating vulnerable Microsoft Internet Information Services (IIS) servers that hold established credibility within their region's digital ecosystems, as part of an ongoing campaign of spam attacks.

Rather than targeting every exposed system indiscriminately, the attackers chose high-reputation servers, leveraging their search ranking to manipulate search engine results and generate illicit revenue.

Alongside its specialized SEO fraud operation, UAT-8099 carried out deeper post-compromise activity, accessing compromised systems over Remote Desktop Protocol and searching for sensitive certificates, credentials, configuration files, and logs, assets that could be repurposed in follow-on attacks or quietly moved into underground markets.

This case underscores the persistent threat facing exposed, internet-facing infrastructure, especially where critical services are exposed and vulnerable to compromise. According to Cisco Talos, UAT-8099 takes a multifaceted approach to compromise, treating susceptible IIS servers not merely as entry points but as long-term assets in its criminal workflow.

After gaining access to these systems, the group uses them to covertly forward mobile search traffic to spam-driven advertising networks and illicit gambling platforms, monetizing the established credibility of well-known organizations.

Meanwhile, the attackers systematically harvest sensitive information held on the servers, including authentication information and internal access records, which may be used for later intrusions, sold on underground markets, or used to maintain control over the servers.

UAT-8099's operational characteristics are common to Chinese-language SEO fraud collectives and resemble clusters tracked by other security firms, such as GhostRedirector and CL-UNK-1037. However, the boundaries between these groups remain indistinct, indicating that financial motivations play an integral role in the evolution of cybercrime.


Evidence links the activity to a China-based threat cluster, with operational evidence indicating that the campaign began in April 2025. The analysis also shows significant parallels with a separate BadIIS campaign that Finnish cybersecurity firm WithSecure tracks as WEBJACK, including similar tooling, command-and-control infrastructure, and victim-selection patterns.

Cisco Talos has observed a significant increase in activity against IIS servers located in India, Pakistan, Thailand, Vietnam, and Japan during the recent wave, with a particular increase in targeting in Thailand and Vietnam. This geographic focus reflects a broader refinement in the group's targeting strategy, with the attackers prioritizing regions where compromised servers can be monetized and held under long-term control.

Talos researchers note that UAT-8099's tradecraft has evolved significantly on the technical side. The group still relies on web shells and network utilities such as SoftEther VPN and EasyTier to maintain access to infected servers, but it has increasingly incorporated red team frameworks and legitimate administrative tools to reduce its footprint and extend its longevity.

Initial access typically involves exploiting vulnerabilities in IIS environments or misconfigured file upload mechanisms. Once embedded in the host, the attackers conduct reconnaissance to profile it, create concealed user accounts to establish persistence, and set up utilities aimed at suppressing forensic visibility, disabling defensive controls, and facilitating remote control of the system.

To keep the SEO fraud infrastructure running without interruption, the attackers adjust their persistence mechanisms dynamically: when detection measures flag previously used account names, they create alternative hidden accounts.

BadIIS malware represents the last stage of the attack chain, and variants have been observed that are tailored for regional audiences. One variant was developed to target systems in Vietnam, while another was designed for Thai-based environments or Thai-speaking users.

Despite these customizations, the core behavior is the same: the malware intercepts and evaluates inbound web traffic, identifies search engine crawlers, and covertly redirects them to fraudulent SEO sites. For ordinary users, particularly those whose browser language settings match the targeted region, it injects malicious scripts into server responses.

This twin-path approach lets the operators quietly manipulate search rankings with little risk of discovery by legitimate visitors, underscoring the group's emphasis on stealth and sustained exploitation.

Despite its importance as a foundational component of web infrastructure for organizations across sectors, Microsoft Internet Information Services remains one of the most easily abused components of the Internet.

When the security controls on the IIS environment are not adequate, it is an easy target for abuse. Threat actors have proven that compromised IIS environments can be repurposed to deliver malicious or misleading content to unwitting visitors, effectively turning trusted websites into distribution points for criminals. 

In recent examples, newly observed malware variants were used primarily to promote online gambling content, although security experts caution that the technique could easily be applied to large-scale malware delivery or to carefully crafted watering hole attacks that target specific audiences.

It is worth emphasizing that unsecured web servers that retain outward signs of legitimacy pose a broader risk than these methods alone suggest. Beyond technical disruption, misuse of a reputable website can have long-term consequences for the affected organizations.

Such misuse can erode user confidence, damage reputations, and expose site owners to legal and regulatory scrutiny, especially when they are found to have played a role in malicious activity. Cybersecurity practitioners emphasize disciplined server management and proactive defense measures to reduce these risks.

Key tasks include maintaining a clear inventory of internet-facing assets, applying security updates on a timely basis, and closely monitoring IIS environments for irregular modules or binaries placed in unanticipated locations.

Additional safeguards further hinder an attacker's ability to operate undetected: limiting administrative access, enforcing strong authentication backed by multifactor authentication, and regulating inbound and outbound traffic with firewalls.

Continuous log analysis remains important for minimizing the attack surface of IIS deployments while maintaining their integrity. UAT-8099's theft of sensitive data from compromised environments has an immediate and tangible impact.

Once access has been secured, the group reinforces its foothold by deploying additional backdoors and commercial-grade post-exploitation frameworks, and proceeds to collect credentials, configuration files, and digital certificates that support additional intrusions or can be monetized through underground channels.

This secondary layer of exploitation turns vulnerable IIS servers into staging points for larger campaigns, extending the risk well beyond the initial compromise and increasing the value of the targeted systems. However, much of the group's activity remains largely unknown both to the affected organizations and to the users of their websites, making detection and response challenging.

Site owners tend to dismiss external warnings as false positives, because the integrity and outward appearance of a compromised website usually remain the same and the absence of visible changes is taken to mean there has been no intrusion.

According to threat intelligence practitioners, this perception gap is often the central issue in remediation efforts, despite attempts at the national and sector levels to alert organizations to covert compromises. Although the immediate effects may seem abstract or low priority, experts warn that the underlying vulnerabilities being exploited are anything but benign.

The same weaknesses that let attackers silently manipulate content or insert hidden redirects also allow the injection of malicious scripts that harvest session cookies, login credentials, and payment information from legitimate users, putting organizations at greater risk than they may realize.

Analysis of the latest BadIIS variants shows a modular design that supports several operational modes while remaining undetected. In proxy mode, the malware validates request paths and decodes an embedded command-and-control address, which it uses as an intermediary for fetching content from secondary infrastructure; that content is then relayed back through IIS.

Responses served to search engines are modified before they are routed. They are made to resemble legitimate HTTP traffic, with content injected directly into response bodies through native IIS APIs, ensuring seamless delivery without affecting the server itself.

The malware's SEO fraud capability also relies on large-scale backlink manipulation: using compromised servers, it serves search engines HTML link structures intended to artificially inflate rankings for attacker-controlled domains, in an attempt to deceive search engines.

There is also an injector mode: for users arriving from a search query, the malware retrieves JavaScript from remote servers and embeds it in web responses to trigger covert redirections. By hosting redirect logic externally instead of within the malware itself, operators can switch destinations, localize messages by region, and evade signature-based defenses.

A second cluster of BadIIS samples extends these capabilities with additional request-handling mechanisms that enforce redirects at multiple stages of the HTTP lifecycle. It supports a variety of hijacking scenarios, ranging from complete site replacement to selective homepage redirection or path-based proxying, with different levels of functionality.
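Because the tampering described above is served only to crawlers and to visitors matching a target region, a site owner can look for it by requesting the same page under different request profiles and comparing what comes back. The sketch below is an added example, not Talos tooling: it takes responses already captured with redirects disabled and reports external redirects, links and script sources that appear only in a non-baseline profile. The `Response` type, the profile labels and every `.example` host are constructed for illustration.

```python
"""Compare what a site serves to a normal browser and to other profiles."""
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


@dataclass
class Response:
    status: int
    location: Optional[str]  # Location header, if any
    body: str


def host_of(url: str) -> Optional[str]:
    try:
        return urlsplit(url).hostname  # None for relative URLs
    except ValueError:
        return None


def is_external(host: str, site_host: str) -> bool:
    return host != site_host and not host.endswith("." + site_host)


class RefCollector(HTMLParser):
    """Collects the hosts referenced by <a href> and <script src>."""

    def __init__(self) -> None:
        super().__init__()
        self.hosts: Dict[str, Set[str]] = {"link": set(), "script": set()}

    def handle_starttag(self, tag, attrs):
        kind, attr = {"a": ("link", "href"), "script": ("script", "src")}.get(
            tag, (None, None))
        if kind is None:
            return
        host = host_of(dict(attrs).get(attr) or "")
        if host:
            self.hosts[kind].add(host)


def external_refs(body: str, site_host: str) -> Dict[str, Set[str]]:
    collector = RefCollector()
    collector.feed(body)
    return {k: {h for h in v if is_external(h, site_host)}
            for k, v in collector.hosts.items()}


def compare(site_host: str, baseline: Response,
            variants: Dict[str, Response]) -> Dict[str, List[str]]:
    """Report, per profile, what it received that the baseline did not."""
    base = external_refs(baseline.body, site_host)
    report: Dict[str, List[str]] = {}
    for label, resp in variants.items():
        issues: List[str] = []
        if resp.status in REDIRECTS and baseline.status not in REDIRECTS:
            host = host_of(resp.location or "")
            if host and is_external(host, site_host):
                issues.append("redirect:" + host)
        seen = external_refs(resp.body, site_host)
        for kind in ("link", "script"):
            issues += [kind + ":" + h for h in sorted(seen[kind] - base[kind])]
        if issues:
            report[label] = issues
    return report


# Constructed responses for one URL on a hypothetical site.
SITE = "www.example.org"
PAGE = ('<html><head><script src="https://cdn.example.net/app.js"></script>'
        '</head><body><a href="/about">About</a>'
        '<a href="https://partner.example.com/">Partner</a>%s</body></html>')
BASELINE = Response(200, None, PAGE % "")
VARIANTS = {
    "desktop-en": Response(200, None, PAGE % ""),
    "crawler-ua": Response(
        200, None, PAGE % '<div><a href="http://bet.seo-farm.example/">x</a></div>'),
    "browser-th": Response(
        200, None, PAGE % '<script src="//js.redirector.example/r.js"></script>'),
    "crawler-mobile": Response(302, "http://landing.seo-farm.example/", ""),
}

if __name__ == "__main__":
    for profile, issues in compare(SITE, BASELINE, VARIANTS).items():
        print(profile, issues)
```

Third-party hosts the site uses legitimately appear in the baseline as well and are subtracted, so only profile-specific additions are reported.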

Taken together, these features demonstrate a mature, adaptable framework capable of manipulating search ecosystems and exploiting trusted web infrastructure for long-term abuse without being visible to victims. Security experts caution that this campaign highlights what is arguably one of the most serious risks facing organizations that depend on internet-facing web infrastructure.

IIS servers that are left unhardened can gradually become long-term assets for cybercriminal operations without causing immediate operational alarms.

Organizations should therefore reassess the security posture of their web environments and treat reputation and visibility as potential risks rather than as safeguards. Proactive patch management, strict access controls, continuous monitoring, and regular integrity checks are increasingly regarded not as best practices but as fundamental requirements.

Campaigns such as UAT-8099's show that compromise remains a threat even in the absence of visible disruption, and that organizations and their users may suffer far more severe outcomes if these silent threats go unaddressed.

CISA Issues New Guidance on Managing Insider Cybersecurity Risks

 



The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance warning that insider threats represent a major and growing risk to organizational security. The advisory was issued during the same week reports emerged about a senior agency official mishandling sensitive information, drawing renewed attention to the dangers posed by internal security lapses.

In its announcement, CISA described insider threats as risks that originate from within an organization and can arise from either malicious intent or accidental mistakes. The agency stressed that trusted individuals with legitimate system access can unintentionally cause serious harm to data security, operational stability, and public confidence.

To help organizations manage these risks, CISA published an infographic outlining how to create a structured insider threat management team. The agency recommends that these teams include professionals from multiple departments, such as human resources, legal counsel, cybersecurity teams, IT leadership, and threat analysis units. Depending on the situation, organizations may also need to work with external partners, including law enforcement or health and risk professionals.

According to CISA, these teams are responsible for overseeing insider threat programs, identifying early warning signs, and responding to potential risks before they escalate into larger incidents. The agency also pointed organizations to additional free resources, including a detailed mitigation guide, training workshops, and tools to evaluate the effectiveness of insider threat programs.

Acting CISA Director Madhu Gottumukkala emphasized that insider threats can undermine trust and disrupt critical operations, making them particularly challenging to detect and prevent.

Shortly before the guidance was released, media reports revealed that Gottumukkala had uploaded sensitive CISA contracting documents into a public version of an AI chatbot during the previous summer. According to unnamed officials, the activity triggered automated security alerts designed to prevent unauthorized data exposure from federal systems.

CISA’s Director of Public Affairs later confirmed that the chatbot was used with specific controls in place and stated that the usage was limited in duration. The agency noted that the official had received temporary authorization to access the tool and last used it in mid-July 2025.

By default, CISA blocks employee access to public AI platforms unless an exception is granted. The Department of Homeland Security, which oversees CISA, also operates an internal AI system designed to prevent sensitive government information from leaving federal networks.

Security experts caution that data shared with public AI services may be stored or processed outside the user’s control, depending on platform policies. This makes such tools particularly risky when handling government or critical infrastructure information.

The incident adds to a series of reported internal disputes and security-related controversies involving senior leadership, as well as similar lapses across other US government departments in recent years. These cases are a testament to how poor internal controls and misuse of personal or unsecured technologies can place national security and critical infrastructure at risk.

While CISA’s guidance is primarily aimed at critical infrastructure operators and regional governments, recent events suggest that insider threat management remains a challenge across all levels of government. As organizations increasingly rely on AI and interconnected digital systems, experts continue to stress that strong oversight, clear policies, and leadership accountability are essential to reducing insider-related security risks.

GoTo Resolve Tool Mimics Ransomware Tactics in Stealth Attacks

 

Security researchers have raised alarms over a remote administration tool that can quietly turn into a stealthy entry point for cybercriminals. The program, flagged as HEURRemoteAdmin.GoToResolve.gen, is now classified as a Potentially Unwanted Application (PUA) due to the way it conceals its presence and behavior from end users. 

The warning comes from the Lat61 Threat Intelligence Team at Point Wild, a data breach prevention firm that analyzed how this tool can transform a routine IT utility into a serious security liability. According to their report, the application is linked to GoTo Resolve, a legitimate platform formerly known as LogMeIn, widely used by IT support teams for remote access and troubleshooting. 

What makes this case particularly concerning is the tool’s ability to install and operate “silently,” maintaining a persistent foothold on the system without any visible prompts or notifications. Researchers found it buried in a directory named C:\Program Files (x86)\GoTo Resolve Unattended\, along with a bundled file called “32000~” that contains hidden instructions for managing the application in the background. 

Because it runs unattended, this component effectively creates a new attack surface, similar to leaving a window unlocked for intruders. Threat actors who manage to hijack the tool could exploit its background capabilities to move laterally, gather intelligence, or prepare a larger compromise, all without attracting attention from the user sitting at the keyboard.

The most disturbing link is to ransomware tradecraft through the use of the Windows Restart Manager library, RstrtMgr.dll. This DLL has been abused in past campaigns by high-profile groups like Conti and Cactus ransomware, as well as the BiBi wiper, to terminate processes that might block file encryption or forensic analysis, including antivirus tools and security services. Even more deceptive is the fact that the software carries a valid digital signature from GoTo Technologies USA, LLC, giving it an appearance of full legitimacy in the eyes of both users and operating systems.

Experts stress that a trusted signature does not guarantee safe behavior and warn organizations to treat this tool as a high-risk component unless explicitly approved and monitored by their security teams, calling its stealthy execution and Restart Manager loading a form of “dangerous pre-positioning” for future, more destructive attacks.

Dragos Links Coordinated Polish Power Grid Cyberattack to Russia-Backed ELECTRUM Group

A wave of connected cyber intrusions struck multiple points in Poland’s electricity infrastructure near the end of 2025. Dragos, an industrial control system security firm, assessed with limited certainty that the activity aligns with a Russia-linked group known as ELECTRUM. While attribution is not definitive, the techniques and patterns resemble previous operations tied to the cluster. Investigators also flagged unusual entry routes through third-party maintenance channels, with disruptions occurring amid heightened geopolitical tensions. No major blackouts followed, but systems recorded repeated probing attempts. Response teams moved quickly to isolate affected segments, and attribution was supported by forensic traces left during the breaches. Officials emphasized continued vigilance despite containment. 

At one site, critical hardware was destroyed and left unusable, marking what Dragos described as the first large-scale cyberattack focused on decentralized energy systems such as wind turbines and solar generation connected to the grid. Operational technology used in electricity distribution was accessed without authorization, and systems managing renewable output faced interference even though overall service stayed online. Communication failures also affected combined heat and power facilities. Entry was gained through systems tied to grid stability, with damage remaining localized but irreversible at one location. 

Dragos noted links between ELECTRUM and another group, KAMACITE, with overlaps consistent with the broader Sandworm ecosystem, also tracked as APT44 or Seashell Blizzard. KAMACITE is believed to specialize in initial access, using spear-phishing, stolen credentials, and attacks against exposed public-facing systems. 

After entry, KAMACITE reportedly conducts quiet reconnaissance and persistence in OT environments, creating conditions for later action. Once access is established, ELECTRUM activity is assessed to bridge IT and OT networks, deploying tooling inside operational systems. Actions attributed to ELECTRUM can include manipulating control systems or disrupting physical processes, either through direct operator interface interaction or purpose-built ICS malware depending on objectives. 

Dragos described a division of roles between the clusters that enables long-term access and flexible execution, including delayed disruption. Even without immediate damage, persistent access can create long-term risk. KAMACITE-linked activity also appears geographically unconstrained, with scanning against U.S. industrial systems reported as recently as mid-2025. 

In Poland, attackers targeted systems that connect grid operators with distributed energy resources, disrupting coordination. Roughly three dozen sites experienced operational impact. Investigators said poorly secured network devices and exploited vulnerabilities enabled entry, allowing intruders to reach Remote Terminal Units and move through communications infrastructure. Dragos said the attackers showed strong knowledge of grid systems, successfully disabling communications tools and certain OT components. 

However, the full scope remains unclear, including whether operational commands were issued or whether the focus stayed on communications disruption. Overall, Dragos assessed the incident as more opportunistic than carefully planned, with attackers attempting rapid disruption once inside by wiping Windows systems, resetting configurations, and trying to permanently brick equipment. The hardest-hit devices supported grid safety and stability monitoring. 

Dragos concluded that the damage shows OT intrusions are shifting from preparation into active attacks against systems that manage distributed generation.

Google Targets Residential Proxy Services Fueled by Malware Operations

 


The underlying ecosystem of legitimate proxy and VPN providers might appear to be fragmented at the surface, but as far as Google is concerned, there is something much more coordinated and deceptive below the surface. In a recent investigation conducted by Google's Threat Intelligence Group, an extensive operation centered on an elaborate network known as IPIDEA was uncovered.

IPIDEA, the network, allegedly exercised covert control over several proxy and VPN brands that presented themselves as independent, trustworthy entities. It is now clear that these brands are managed by the very same malicious operators, who employ misleading practices to steal residential IP addresses from unwitting users and combine them with an immense proxy infrastructure, which is the result of the research. 

As part of the IPIDEA ecosystem of proxy and virtual private network services, Google has taken coordinated action to dismantle what it believes to be one of the largest residential proxy networks in the world, as it moves against it. Through this effort, which is being conducted in collaboration with external partners, it is being hoped that infrastructure will be ripped apart that has historically enabled cybercrime, espionage, and large-scale fraud by making use of the false identities of ordinary internet users to disguise malicious activity behind their internet connections.

Using IPIDEA's software development kits, Google's Threat Intelligence Group was able to enroll compromised devices in botnets as well as use its proxy services to manage and exploit those compromised devices at large scale. It was Google's legal measures that disrupted these activities, resulting in the takedown of dozens of domain names that were used to route proxy traffic and control infected systems in an effort to prevent further attacks.

IPIDEA previously advertised itself as a leading global proxy provider with millions of daily updated residential IP addresses, but its primary website is no longer accessible.

According to Google, the network's infrastructure had been used by more than 550 distinct threat groups globally up until this month, spanning cybercriminal enterprises and state-aligned actors from countries such as China, Russia, Iran, and North Korea.

Researchers reported that a variety of activities were observed, including intrusions into SaaS environments as well as on-premises networks, password-spray campaigns, and broader espionage operations. 

The report underscores that residential proxy services have become a central enabler of modern threats, giving attackers the ability to blend in with legitimate home internet traffic and evade detection. It is not known whether Google's Threat Intelligence Group has officially attributed IPIDEA's operation to a particular individual, but the artifacts gathered during the investigation may give some insight into the operation.

Digital certificates analyzed by researchers were linked to Hong Kong-based business entities, which indicated that the network was backed by an organizational structure. Google says the operators exercised centralized control over at least 13 different proxy and VPN brands that appeared to be independent services, including IPIDEA, 360 Proxy, ABC Proxy, Luna Proxy, and PIA S5 Proxy.

A significant part of the network's expansion was fueled by the covert distribution of software development kits embedded in seemingly legitimate applications. This strategy turned users' devices into residential exit nodes that could route third-party traffic for a considerable period of time.

Google's research found over 600 Android applications and over 3,000 Windows programs that contained IPIDEA code, many of which were marketed as utilities, games, or VPN tools.

The SDKs were marketed to developers as benign mechanisms for monetizing their applications, often offering payouts based on the number of installs and wide compatibility between platforms. Researchers found, however, that the underlying functionality allowed large numbers of consumer devices to be repurposed as proxy infrastructure, raising concerns that unsuspecting users were drawn into the operation without their awareness or consent.

Google examined the technical and commercial mechanisms underlying IPIDEA in greater detail, revealing a highly organized and adaptive proxy ecosystem rather than a single service. The company said IPIDEA controlled multiple monetization software development kits, including Castar, Earn, Hex, and Packet, all of which shared similar code patterns and command-and-control infrastructure.

These SDKs used a two-tier system in which infected devices first connected to tier-one domains and then obtained instructions and connection details from a rotating pool of around 7,400 tier-two servers, a number that fluctuated daily depending on operational conditions.

Beyond proxy services, the same infrastructure was also embedded in VPN applications such as Galleon VPN, Radish VPN, and the now-defunct Aman VPN. These apps provided the functionality users expected while, at the same time, enrolling their devices as exit nodes in the proxy network.

During its investigation, Google discovered that there were more than 3,500 Windows executables and over 600 Android applications communicating with IPIDEA-controlled domains, most of them masquerading as legitimate system utilities, games, or content apps. 

Consequently, Google and its partners pursued legal action to dismantle the network's command-and-control and marketing domains, and updated Google Play Protect so that users receive warnings and affected applications are automatically removed from certified devices.

It was also pointed out that such proxy services pose a wider range of risks, since they can not only route third-party traffic but also deliver malicious traffic to enrolled devices. According to the company, IPIDEA is only one element of a larger ecosystem of residential proxy abuse that also involves other tools such as ByteConnect and services from AISURU and Kimwolf.

SDKs geared towards monetization are becoming an increasingly popular means of exploiting consumer devices at large scale. Researchers believe the IPIDEA case illustrates a broader and growing risk in residential proxy services, which blur the line between legitimate infrastructure and covert abuse.

According to Google’s research, such networks thrive by exploiting user trust: they are inserted into everyday applications and consumer VPN tools while quietly transforming personal devices into operational assets for cybercriminals as well as state-aligned actors.

Argus warns that increasingly sophisticated infrastructure allows malicious traffic to blend seamlessly into normal household internet activity and that, given the growing sophistication and scale of these operations, third-party SDKs need greater scrutiny and app monetization practices need better safeguards.

IPIDEA's infrastructure has been disrupted and protections have been tightened through Google Play Protect. Beyond neutralizing a single network, the company said it wanted to raise awareness that seemingly benign digital services can be weaponized and that developers, platform providers, and users must remain vigilant against hidden proxy abuse.

Google’s Project Genie Signals a Major Shift for the Gaming Industry

 

Google has sent a strong signal to the video game sector with the launch of Project Genie, an experimental AI world-model that can create explorable 3D environments using simple text or image prompts.

Although Google’s Genie AI has been known since 2024, its integration into Project Genie marks a significant step forward. The prototype is now accessible to Google AI Ultra subscribers in the US and represents one of Google’s most ambitious AI experiments to date.

Project Genie is being introduced through Google Labs, allowing users to generate short, interactive environments that can be explored in real time. Built on DeepMind’s Genie 3 world-model research, the system lets users move through AI-generated spaces, tweak prompts, and instantly regenerate variations. However, it is not positioned as a full-scale game engine or production-ready development tool.

Demonstrations on the Project Genie website showcase a variety of scenarios, including a cat roaming a living room from atop a Roomba, a vehicle traversing the surface of a rocky moon, and a wingsuit flyer gliding down a mountain. These environments remain navigable in real time, and while the worlds are generated dynamically as characters move, consistency is maintained. Revisiting areas does not create new terrain, and any changes made by an agent persist as long as the system retains sufficient memory.

"Genie 3 environments are … 'auto-regressive' – created frame by frame based on the world description and user actions," Google explains on Genie's website. "The environments remain largely consistent for several minutes, with memory recalling changes from specific interactions for up to a minute."

Despite these capabilities, time constraints remain a challenge.

"The model can support a few minutes of continuous interaction, rather than extended hours," Google said, adding elsewhere that content generation is currently capped at 60 seconds. A Google spokesperson told The Register that Genie can render environments beyond that limit, but the company "found 60 seconds provides a high quality and consistent world, and it gives people enough time to explore and experience the environment."

Google stated that world consistency lasts throughout an entire session, though it remains unclear whether session durations will be expanded in the future. Beyond time limits, the system has other restrictions.

Agents in Genie’s environments are currently limited in the actions they can perform, and interactions between multiple agents are unreliable. The model struggles with readable text, lacks accurate real-world simulation, and can suffer from lag or delayed responses. Google also acknowledged that some previously announced features are missing.

In addition, "A few of the Genie 3 model capabilities we announced in August, such as promptable events that change the world as you explore it, are not yet included in this prototype," Google added.

"A world model simulates the dynamics of an environment, predicting how they evolve and how actions affect them," the company said of Genie. "While Google DeepMind has a history of agents for specific environments like Chess or Go, building AGI requires systems that navigate the diversity of the real world."

Game Developers Face an Uncertain Future

Beyond AGI research, Google also sees potential applications for Genie within the gaming industry—an area already under strain. While Google emphasized that Genie "is not a game engine and can’t create a full game experience," a spokesperson told The Register, "we are excited to see the potential to augment the creative process, enhancing ideation, and speeding up prototyping."

Industry data suggests this innovation arrives at a difficult time. A recent Informa Game Developers Conference report found that 33 percent of US game developers and 28 percent globally experienced at least one layoff over the past two years. Half of respondents said their employer had conducted layoffs within the last year.

Concerns about AI’s role are growing. According to the same survey, 52 percent of industry professionals believe AI is negatively affecting the games sector—up sharply from 30 percent last year and 18 percent the year before. The most critical views came from professionals working in visual and technical art, narrative design, programming, and game design.

One machine learning operations employee summed up those fears bluntly.

"We are intentionally working on a platform that will put all game devs out of work and allow kids to prompt and direct their own content," the GDC study quotes the respondent as saying.

While Project Genie still has clear technical limitations, the rapid pace of AI development suggests those gaps may not last long—raising difficult questions about the future of game development.

Google Introduces AI-Powered Side Panel in Chrome to Automate Browsing




Google has updated its Chrome browser by adding a built-in artificial intelligence panel powered by its Gemini model, marking a stride toward automated web interaction. The change reflects the company’s broader push to integrate AI directly into everyday browsing activities.

Chrome, which currently holds more than 70 percent of the global browser market, is now moving in the same direction as other browsers that have already experimented with AI-driven navigation. The idea behind this shift is to allow users to rely on AI systems to explore websites, gather information, and perform online actions with minimal manual input.

The Gemini feature appears as a sidebar within Chrome, reducing the visible area of websites to make room for an interactive chat interface. Through this panel, users can communicate with the AI while keeping their main work open in a separate tab, allowing multitasking without constant tab switching.

Google explains that this setup can help users organize information more effectively. For example, Gemini can compare details across multiple open tabs or summarize reviews from different websites, helping users make decisions more quickly.

For subscribers to Google’s higher-tier AI plans, Chrome now offers an automated browsing capability. This allows Gemini to act as a software agent that can follow instructions involving multiple steps. In demonstrations shared by Google, the AI can analyze images on a webpage, visit external shopping platforms, identify related products, and add items to a cart while staying within a user-defined budget. The final purchase, however, still requires user approval.

The browser update also includes image-focused AI tools that allow users to create or edit images directly within Chrome, further expanding the browser’s role beyond simple web access.

Chrome’s integration with other applications has also been expanded. With user consent, Gemini can now interact with productivity tools, communication apps, media services, navigation platforms, and shopping-related Google services. This gives the AI broader context when assisting with tasks.

Google has indicated that future updates will allow Gemini to remember previous interactions across websites and apps, provided users choose to enable this feature. The goal is to make AI assistance more personalized over time.

Despite these developments, automated browsing faces resistance from some websites. Certain platforms have already taken legal or contractual steps to limit AI-driven activity, particularly for shopping and transactions. This underlines the ongoing tension between automation and website control.

To address these concerns, Google says Chrome will request human confirmation before completing sensitive actions such as purchases or social media posts. The browser will also support an open standard designed to allow AI-driven commerce in collaboration with participating retailers.

Currently, these features are available on Chrome for desktop systems in the United States, with automated browsing restricted to paid subscribers. How widely such AI-assisted browsing will be accepted across the web remains uncertain.


SK hynix Launches New AI Company as Data Center Demand Drives Growth

 

A surge in demand for data center hardware has lifted SK hynix into stronger market standing, thanks to limited availability of crucial AI chips. Though rooted in memory production, the company now pushes further - launching a dedicated arm centered on tailored AI offerings. Rising revenues reflect investor confidence, fueled by sustained component shortages. Growth momentum builds quietly, shaped more by timing than redirection. Market movements align closely with output constraints rather than strategic pivots. 

Early next year, the business will launch a division known as “AI Company” (AI Co.), set to begin operations in February. This offshoot aims to play a central role within the AI data center landscape, positioning itself alongside major contributors. As demand shifts toward bundled options, clients prefer complete packages - ones blending infrastructure, programs, and support - over isolated gear. According to SK hynix, such changes open doors previously unexplored through traditional component sales alone. 

Though little is known so far, news has emerged that AI Co., according to statements given to The Register, plans industry-specific AI tools through dedicated backing of infrastructure tied to processing hubs. Starting out, attention turns toward programs meant to refine how artificial intelligence operates within machines. From there, financial commitments may stretch into broader areas linked to computing centers as months pass. Alongside funding external ventures and novel tech, reports indicate turning prototypes into market-ready offerings might shape a core piece of its evolving strategy.  

About $10 billion is being set aside by SK hynix for the fresh venture. Next month should bring news of a temporary leadership group and governing committee. Instead of staying intact, the California-focused SSD unit known as Solidigm will undergo reorganization. What was once Solidigm becomes AI Co. under the shift. Meanwhile, production tied to SSDs shifts into a separate entity named Solidigm Inc., built from the ground up.  

Now shaping up, the AI server industry leans into tailored chips instead of generic ones. By 2027, ASIC shipments for these systems could rise threefold, according to Counterpoint Research. Come 2028, annual units sold might go past fifteen million. Such growth appears set to overtake current leaders - data center GPUs - in volume shipped. While initial prices for ASICs sometimes run high, their running cost tends to stay low compared to premium graphics processors. Inference workloads commonly drive demand, favoring efficiency-focused designs. Holding roughly six out of every ten units delivered in 2027, Broadcom stands positioned near the front. 

A wider shortage of memory chips keeps lifting SK hynix forward. Demand now clearly exceeds available stock, according to IDC experts, because manufacturers are directing more output into server and graphics processing units instead of phones or laptops. As a result, prices throughout the sector have climbed - this shift directly boosting the firm's earnings. Revenue for 2025 reached ₩97.14 trillion ($67.9 billion), up 47%. During just the last quarter, income surged 66% compared to the same period the previous year, hitting ₩32.8 trillion ($22.9 billion). 

Suppliers such as ASML are seeing gains too, thanks to rising demand in semiconductor production. Though known mainly for photolithography equipment, its latest quarterly results revealed €9.7 billion in revenue - roughly $11.6 billion. Even so, forecasts suggest a sharp rise in orders for their high-end EUV tools during the current year. Despite broader market shifts, performance remains strong across key segments. 

Still, experts point out that a lack of memory chips might hurt buyers, as devices like computers and phones could become more expensive. Predictions indicate computer deliveries might drop during the current year because supplies are tight and expenses are climbing.

Researchers Uncover Pakistan-Linked Cyber Activity Targeting India


 

India and Pakistan appear to be on a familiar, uneasy brink once again, with geopolitical tension spilling over borders into less visible spheres. As the war intensified in May 2025, cyberspace became one of the next contested arenas.

As hostilities heightened, Pakistan-linked hacktivist groups began claiming widespread cyberattacks on Indian government bodies, academic institutions, and critical infrastructure. At first glance, the volume of claimed attacks suggested a broad cyber offensive. A closer look at the reports, however, tells a more nuanced story.

According to findings from security firm CloudSEK, many of these alleged breaches were either overstated or entirely fabricated, based on recycled data dumps, cosmetic website defacements, and short-lived interruptions that caused little harm to operations.

Behind the noise surrounding the Pahalgam terror attack lay a more sobering development: an intrusion campaign targeting Indian defense-linked networks with the Crimson RAT malware, deployed by the advanced persistent threat group APT36.

Drawing a clear distinction between spectacle and substance, this study examines what transpired in the India-Pakistan cyber conflict, why it matters, and where the real risks lie in the coming months.

Beneath the surface noise of hacktivist claims, researchers warn, a much more methodical and state-aligned cyber espionage effort has been quietly unfolding. Over the past couple of years there has been significantly increased focus on the Pakistan-linked threat actor operating under the designation APT36, also referred to by cybersecurity experts as Earth Karkaddan, Mythic Leopard, Operation C-Major, and Transparent Tribe.

The group has been established for more than a decade and has a track record of conducting targeted intelligence-gathering operations against Indian institutions.

In August 2025, analysts observed a shift in tactics in an APT36 campaign that focused on Linux-based systems, using carefully designed malware delivery techniques, rather than on Windows-based systems.

APT36 used procurement-themed phishing lures to distribute malicious ZIP archives disguised as routine documents. These files covertly downloaded and installed the malware dropper, and were executed through Windows desktop entry configurations.

A decoy PDF was displayed to avoid suspicion while the malware dropper was retrieved from Google Drive. According to further analysis, the payload was designed to avoid detection using anti-debugging and anti-sandbox measures, maintain persistence on compromised systems, and establish covert communication with command-and-control infrastructure over WebSockets, all hallmarks of a calculated espionage operation rather than an opportunistic intrusion.

According to further analysis by Zscaler ThreatLabz, the activity appears to be part of two coordinated campaigns, identified as Gopher Strike and Sheet Attack, both carried out from September 2025 to October 2025. While elements of the operations resemble techniques historically associated with APT36, researchers are generally inclined to believe that the observed activity may be the work of a distinct subgroup or a separate Pakistan-linked threat actor.

Of the two, Sheet Attack is characterized by its use of trusted cloud-based platforms for command-and-control communications, including Google Sheets, Firebase, and email services, which lets attack traffic blend into legitimate network traffic.

Gopher Strike, on the other hand, reportedly begins with phishing emails carrying PDF attachments meant to deceive recipients into installing a falsely advertised Adobe Acrobat Reader DC update. The PDF shows a blurred image together with a seemingly benign prompt that instructs users to download the update before they can view the contents of the document.

Selecting the embedded option initiates the download of an ISO image, but only when the request originates from an address in India and corresponds to an Indian user agent specified in a Windows registry. These server-side checks are meant to frustrate automated analysis and restrict delivery to a specific audience.

Embedded within the ISO image is a downloader written in Golang, named GOGITTER. It sets up persistent downloads by creating and repeatedly executing Visual Basic scripts in several directories of the system.

A portion of the malware periodically retrieves commands from preconfigured command-and-control servers and can, if necessary, fetch additional payloads from a private GitHub repository that was created earlier in 2025. This indicates that the campaign was deliberately designed and had sustained operational intent over that period.

Once the malicious payload has been retrieved, the intrusion proceeds through a tightly coordinated series of actions designed to confirm compromise and establish deeper control. Investigators note that the infected system first sends an HTTP GET request to the domain adobe-acrobat[.]in to inform the operator that the target has been successfully breached.

The GOGITTER downloader then unpacks and launches an executable called edgehost.exe from a previously delivered archive. This component is responsible for deploying GITSHELLPAD, a lightweight Golang backdoor that relies heavily on attacker-controlled private GitHub repositories for command-and-control purposes. The backdoor stays in close touch with its operators by periodically polling a remote server for instructions stored in a file called command.txt that is updated every few seconds.

In addition to navigating directories and executing processes on a compromised system, attackers can transfer files to and from it. Execution results are recorded in a separate file and sent back to GitHub, where they are exfiltrated and stored until the forensic trace is completely removed.
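A defender's view of the polling behaviour described above, as an added example that is not from the original article or from Zscaler: it flags clients that fetch the same GitHub path at a near-constant interval in web-proxy logs. The log format, host names, EXAMPLE-OWNER/EXAMPLE-REPO placeholder, and thresholds are assumptions, and the sample lines are constructed.

```python
"""Flag clients that poll one GitHub path at a near-constant interval."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

GITHUB_HOSTS = {"github.com", "api.github.com", "raw.githubusercontent.com"}

# Constructed proxy log (assumed format): timestamp client method url status.
# EXAMPLE-OWNER/EXAMPLE-REPO is a placeholder, not an indicator from the report.
SAMPLE_LOG = """\
2025-10-02T09:00:00Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt 200
2025-10-02T09:00:03Z dev-0007 GET https://github.com/EXAMPLE-ORG/internal-tools/pulls 200
2025-10-02T09:00:05Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt 200
2025-10-02T09:00:10Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt?ref=main 200
2025-10-02T09:00:12Z ws-0142 GET https://intranet.example.test/home 200
2025-10-02T09:00:16Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt 200
2025-10-02T09:00:20Z truncated-entry
2025-10-02T09:00:21Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt 200
2025-10-02T09:00:26Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt 200
2025-10-02T09:00:30Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt 200
2025-10-02T09:00:35Z ws-0142 GET https://api.github.com/repos/EXAMPLE-OWNER/EXAMPLE-REPO/contents/command.txt 200
2025-10-02T09:00:41Z dev-0007 GET https://github.com/EXAMPLE-ORG/internal-tools/pulls 200
2025-10-02T09:01:02Z dev-0007 GET https://github.com/EXAMPLE-ORG/internal-tools/pulls 200
2025-10-02T09:02:30Z dev-0007 GET https://github.com/EXAMPLE-ORG/internal-tools/pulls 200
2025-10-02T09:02:33Z dev-0007 GET https://github.com/EXAMPLE-ORG/internal-tools/pulls 200
2025-10-02T09:04:10Z dev-0007 GET https://github.com/EXAMPLE-ORG/internal-tools/pulls 200
"""


def parse_line(line):
    """Return (time, client, host, path), or None if malformed or not GitHub."""
    parts = line.split()
    if len(parts) != 5:
        return None
    stamp, client, _method, url, _status = parts
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    target = urlsplit(url)
    if target.hostname not in GITHUB_HOSTS:
        return None
    # The query string is dropped so cache-busting parameters do not split a group.
    return when, client, target.hostname, target.path


def find_pollers(log_text, min_events=6, max_cv=0.25, max_interval=120.0):
    """List (client, host, path) groups whose request gaps are short and regular.

    Regularity is the coefficient of variation (stddev / mean) of the gaps:
    a timer-driven poll stays close to 0, human browsing is far higher.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record:
            when, client, host, path = record
            seen[(client, host, path)].append(when)

    findings = []
    for (client, host, path), times in seen.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0 or avg > max_interval:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "client": client, "host": host, "path": path,
                "events": len(times), "mean_gap": round(avg, 2), "cv": round(cv, 3),
            })
    return sorted(findings, key=lambda f: (f["client"], f["path"]))


if __name__ == "__main__":
    for hit in find_pollers(SAMPLE_LOG):
        print(hit)
```

Build agents and update checkers also poll GitHub on a timer, so a hit is a lead to compare against the host's role, not a verdict.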

Zscaler researchers also observed that, after initial access, operators downloaded additional RAR archives using cURL from the command line. These packages contained tools for system reconnaissance as well as a custom Golang loader known as GOSHELL, which eventually deployed a Cobalt Strike beacon after several decoding stages.

The loader was intentionally padded with extraneous data to increase its size to about one gigabyte, a tactic used to bypass antivirus detection.
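One way to triage size-inflated binaries like the padded loader described above, as an added example that is not from the original article: it streams a file and reports how much of it is low-entropy filler. It assumes the padding is repetitive data (the article does not say what the extraneous data was); the 100 MiB size threshold, the 0.9 ratio, and the generated sample files are also assumptions.

```python
"""Triage helper: how much of a large file is low-entropy filler?"""
import hashlib
import math
import os
import tempfile
from collections import Counter

CHUNK = 64 * 1024  # bytes read per step, so a gigabyte-sized file is streamed


def chunk_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    size = len(data)
    return -sum(n / size * math.log2(n / size) for n in Counter(data).values())


def padding_profile(path, low_entropy=1.0):
    """Count bytes in chunks whose entropy falls below low_entropy (assumed cut-off)."""
    total = filler = 0
    with open(path, "rb") as handle:
        while chunk := handle.read(CHUNK):
            total += len(chunk)
            if chunk_entropy(chunk) < low_entropy:
                filler += len(chunk)
    return {
        "size": total,
        "filler": filler,
        "content": total - filler,  # what is left to analyse once filler is ignored
        "filler_ratio": filler / total if total else 0.0,
    }


def looks_inflated(path, min_size=100 * 1024 * 1024, min_ratio=0.9):
    """True when a file is both large and almost entirely filler."""
    profile = padding_profile(path)
    return profile["size"] >= min_size and profile["filler_ratio"] >= min_ratio


def make_sample(content_chunks, pad_chunks):
    """Write a constructed test file: hash-derived 'code' bytes, then zero padding."""
    block = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(CHUNK // 32)
    )
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as handle:
        handle.write(block * content_chunks)
        handle.write(b"\x00" * (CHUNK * pad_chunks))
        return handle.name


if __name__ == "__main__":
    sample = make_sample(content_chunks=1, pad_chunks=32)
    try:
        print(padding_profile(sample))
        print("inflated:", looks_inflated(sample, min_size=1024 * 1024))
    finally:
        os.remove(sample)
```

Random or compressed padding would not score as filler here, so keep a plain size check alongside the ratio.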

When the auxiliary tools had fulfilled their purpose, they were systematically removed from the host, reflecting a disciplined effort to keep the campaign as stealthy as possible. 

Recent investigations indicate that cyber tensions between India and Pakistan are intensifying. It is important to distinguish between high-impact threats and performative digital noise in order to avoid the loss of privacy.

Even though waves of hacktivist claims created the illusion of a widespread cyberattack on Indian institutions in mid-2025, detailed analysis reveals that the majority of these disruptions were exaggerated or inconsequential. The more consequential risk associated with Pakistan-linked actors, including groups such as APT36, is sustained and technically sophisticated espionage.

The attacks illustrate a clear evolution in the use of tradecraft, combining targeted phishing attacks, exploitation of trusted cloud platforms, and the use of custom malware frameworks, all of which are being used to quietly penetrate both Linux and Windows environments within governments and defense organizations.

Selective delivery mechanisms, stealthy persistence techniques, and layered payloads, all culminating in the deployment of advanced post-exploitation tools, underline a strategic focus on long-term access rather than immediate disruption of the network.

For policymakers and security teams, the findings underscore that detecting covert, state-aligned intrusions needs to be prioritized over headline-driven hacktivist activity, and that in an increasingly contested cyber world it is crucial to strengthen defenses against phishing and cloud abuse and to improve endpoint monitoring.

Cyberattack Paralyzes Russia's Delta Security Systems

 

A massive cyberattack was launched against Delta, a leading Russian smart alarm system supplier for residential, commercial, and automotive use, on 26 January 2026, causing widespread operational disruptions across the country. The attack crippled Delta’s information technology systems, bringing down websites, telephony, and critical services for tens of thousands of subscribers. Delta labeled the incident a “large-scale external attack” designed to bring operations to a standstill, with no signs of customer data compromise identified at the time.

 End users were immediately affected as car alarms failed to turn off, preventing unlocking and engine start functions in many cases. Home and commercial building alarm systems defaulted to emergency modes that could not be overridden by users, while range-based services like vehicle start functions malfunctioned, sometimes causing engines to shut down during use. Information from Telegram groups like Baza and other news sources, such as Kommersant, shed light on these operational issues, highlighting the weaknesses of IoT security devices connected to the internet. 

Delta’s marketing director, Valery Ushkov, addressed the situation through a video message, stating that the company’s infrastructure was not capable of withstanding the “well-coordinated” global attack. The prolonged recovery effort was necessary due to continued threats following the attack, forcing updates to be posted through VKontakte instead of the company’s own channels. Although Delta claimed that most services would be restored soon with professional help, disruptions continued into 27 January, eroding trust in the company’s cybersecurity efforts. 

Unverified claims emerged on a Telegram channel allegedly linked to the hackers in which they shared one of ten alleged data dumps taken from Delta's systems. Though authenticity remains unconfirmed, fears grew over the mobile app's storage of payment and tracking data, compatible with most vehicles. No hacking group has claimed responsibility, leaving speculation about DDoS, ransomware, or wipers unresolved.

The breach is part of a wave of IT issues in Russia, which included the travel booking service being down that day, although the two incidents are not related, according to officials. It illustrates vulnerabilities in IoT-based security at a time of geopolitical strain, with Delta blaming a “hostile foreign state.” The incident has sparked renewed demands for more robust safeguards in critical infrastructure to mitigate real-world physical safety risks from cyber incidents.

Anthropic Cracks Down on Claude Code Spoofing, Tightens Access for Rivals and Third-Party Tools

 

Anthropic has rolled out a new set of technical controls aimed at stopping third-party applications from impersonating its official coding client, Claude Code, to gain cheaper access and higher usage limits to Claude AI models. The move has directly disrupted workflows for users of popular open-source coding agents such as OpenCode.

At the same time—but through a separate enforcement action—Anthropic has also curtailed the use of its models by competing AI labs, including xAI, which accessed Claude through the Cursor integrated development environment. Together, these steps signal a tightening of Anthropic’s ecosystem as demand for Claude Code surges.

The anti-spoofing update was publicly clarified on Friday by Thariq Shihipar, a Member of Technical Staff at Anthropic working on Claude Code. Writing on X (formerly Twitter), Shihipar said the company had "tightened our safeguards against spoofing the Claude Code harness." He acknowledged that the rollout caused unintended side effects, explaining that some accounts were automatically banned after triggering abuse detection systems—an issue Anthropic says it is now reversing.

While those account bans were unintentional, the blocking of third-party integrations themselves appears to be deliberate.

Why Harnesses Were Targeted

The changes focus on so-called “harnesses”—software wrappers that control a user’s web-based Claude account via OAuth in order to automate coding workflows. Tools like OpenCode achieved this by spoofing the client identity and sending headers that made requests appear as if they were coming from Anthropic’s own command-line interface.

This effectively allowed developers to link flat-rate consumer subscriptions, such as Claude Pro or Max, with external automation tools—bypassing the intended limits of plans designed for human, chat-based use.

According to Shihipar, technical instability was a major motivator for the block. Unauthorized harnesses can introduce bugs and usage patterns that Anthropic cannot easily trace or debug. When failures occur in third-party wrappers like OpenCode or certain Cursor configurations, users often blame the model itself, which can erode trust in the platform.

The Cost Question and the “Buffet” Analogy

Developers, however, have largely framed the issue as an economic one. In extended discussions on Hacker News, users compared Claude’s consumer subscriptions to an all-you-can-eat buffet: Anthropic offers a flat monthly price—up to $200 for Max—but controls consumption speed through its official Claude Code tool.

Third-party harnesses remove those speed limits. Autonomous agents running inside tools like OpenCode can execute intensive loops—writing code, running tests, fixing errors—continuously and unattended, often overnight. At that scale, the same usage would be prohibitively expensive under per-token API pricing.

"In a month of Claude Code, it's easy to use so many LLM tokens that it would have cost you more than $1,000 if you'd paid via the API," wrote Hacker News user dfabulich.

By cutting off spoofed harnesses, Anthropic is effectively pushing heavy automation into two approved channels: its metered Commercial API, or Claude Code itself, where execution speed and environment constraints are fully controlled.

Community Reaction and Workarounds

The response from developers has been swift and mixed. Some criticized the move as hostile to users. "Seems very customer hostile," wrote Danish programmer David Heinemeier Hansson (DHH), creator of Ruby on Rails, in a post on X.

Others were more understanding. "anthropic crackdown on people abusing the subscription auth is the gentlest it could’ve been," wrote Artem K aka @banteg on X. "just a polite message instead of nuking your account or retroactively charging you at api prices."

The OpenCode team moved quickly, launching a new $200-per-month tier called OpenCode Black that reportedly routes usage through an enterprise API gateway rather than consumer OAuth. OpenCode creator Dax Raad also announced plans to work with Anthropic rival OpenAI so users could access Codex directly within OpenCode, punctuating the announcement with a Gladiator GIF captioned "Are you not entertained?"

The xAI and Cursor Enforcement

Running parallel to the technical crackdown, developers at Elon Musk’s AI lab xAI reportedly lost access to Claude models around the same time. While the timing suggested coordination, sources indicate this was a separate action rooted in Anthropic’s commercial terms.

As reported by tech journalist Kylie Robison of Core Memory, xAI staff had been using Claude models through the Cursor IDE to accelerate internal development. "Hi team, I believe many of you have already discovered that Anthropic models are not responding on Cursor," wrote xAI co-founder Tony Wu in an internal memo. "According to Cursor this is a new policy Anthropic is enforcing for all its major competitors."

Anthropic’s Commercial Terms of Service explicitly prohibit using its services to build or train competing AI systems. In this case, Cursor itself was not the issue; rather, xAI’s use of Claude through the IDE for competitive research triggered the block.

This is not the first time Anthropic has cut off access to protect its models. In August 2025, the company revoked OpenAI’s access to the Claude API under similar circumstances. At the time, an Anthropic spokesperson said, "Claude Code has become the go-to choice for coders everywhere, and so it was no surprise to learn OpenAI's own technical staff were also using our coding tools."

Earlier, in June 2025, the coding environment Windsurf was abruptly informed that Anthropic was cutting off most first-party capacity for Claude 3.x models. Windsurf was forced to pivot to a bring-your-own-key model and promote alternatives like Google’s Gemini.

Together with the xAI and OpenCode actions, these incidents underscore a consistent message: Anthropic will sever access when usage threatens its business model or competitive position.

Claude Code’s Rapid Rise

The timing of the crackdowns closely follows a dramatic surge in Claude Code’s popularity. Although released in early 2025, it remained niche until December 2025 and early January 2026, when community-driven experimentation—popularized by the so-called “Ralph Wiggum” plugin—demonstrated powerful self-healing coding loops.

The real prize, however, was not the Claude Code interface itself but the underlying Claude Opus 4.5 model. By spoofing the official client, third-party tools allowed developers to run large-scale autonomous workflows on Anthropic’s most capable reasoning model at a flat subscription price—effectively arbitraging consumer pricing against enterprise-grade usage.

As developer Ed Andersen noted on X, some of Claude Code’s popularity may have been driven by this very behavior.

For enterprise AI teams, the message is clear: pipelines built on unofficial wrappers or personal subscriptions carry significant risk. While flat-rate tools like OpenCode reduced costs, Anthropic’s enforcement highlights the instability and compliance issues they introduce.

Organizations now face a trade-off between predictable subscription fees and variable, per-token API costs that come with the benefit of guaranteed support and stability. From a security standpoint, the episode also exposes the dangers of “Shadow AI,” where engineers quietly bypass enterprise controls using spoofed credentials.

As Anthropic consolidates control over access to Claude’s models, the reliability of official APIs and sanctioned tools is becoming more important than short-term cost savings. In this new phase of the AI arms race, unrestricted access to top-tier reasoning models is no longer a given—it’s a privilege tightly guarded by their creators.

Some ChatGPT Browser Extensions Are Putting User Accounts at Risk

Cybersecurity researchers are cautioning users against installing certain browser extensions that claim to improve ChatGPT functionality, warning that some of these tools are being used to steal sensitive data and gain unauthorized access to user accounts.

These extensions, primarily found on the Chrome Web Store, present themselves as productivity boosters designed to help users work faster with AI tools. However, recent analysis suggests that a group of these extensions was intentionally created to exploit users rather than assist them.

Researchers identified at least 16 extensions that appear to be connected to a single coordinated operation. Although listed under different names, the extensions share nearly identical technical foundations, visual designs, publishing timelines, and backend infrastructure. This consistency indicates a deliberate campaign rather than isolated security oversights.

As AI-powered browser tools become more common, attackers are increasingly leveraging their popularity. Many malicious extensions imitate legitimate services by using professional branding and familiar descriptions to appear trustworthy. Because these tools are designed to interact deeply with web-based AI platforms, they often request extensive permissions, which greatly increases the potential impact of abuse.

Unlike conventional malware, these extensions do not install harmful software on a user’s device. Instead, they take advantage of how browser-based authentication works. To operate as advertised, the extensions require access to active ChatGPT sessions and advanced browser privileges. Once installed, they inject hidden scripts into the ChatGPT website that quietly monitor network activity.

When a logged-in user interacts with ChatGPT, the platform sends background requests that include session tokens. These tokens serve as temporary proof that a user is authenticated. The malicious extensions intercept these requests, extract the tokens, and transmit them to external servers controlled by the attackers.

Possession of a valid session token allows attackers to impersonate users without needing passwords or multi-factor authentication. This can grant access to private chat histories and any external services connected to the account, potentially exposing sensitive personal or organizational information. Some extensions were also found to collect additional data, including usage patterns and internal access credentials generated by the extension itself.

Investigators also observed synchronized publishing behavior, shared update schedules, and common server infrastructure across the extensions, reinforcing concerns that they are part of a single, organized effort.

While the total number of installations remains relatively low, estimated at fewer than 1,000 downloads, security experts warn that early-stage campaigns can scale rapidly. As AI-related extensions continue to grow in popularity, similar threats are likely to emerge.

Experts advise users to carefully evaluate browser extensions before installation, pay close attention to permission requests, and remove tools that request broad access without clear justification. Staying cautious is increasingly important as browser-based attacks become more subtle and harder to detect.
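The permission review recommended above can be partly automated. The following added example (not code from the researchers or from any extension in the campaign) statically audits a Manifest V3 `manifest.json` for reach into ChatGPT pages; the target host, the list of permissions treated as sensitive, the finding codes, and the sample manifests are all assumptions constructed for illustration.

```javascript
// Added example: static audit of a Manifest V3 manifest for reach into ChatGPT sessions.
const TARGET_HOST = "chatgpt.com";                                     // assumption
const SENSITIVE = ["cookies", "webRequest", "scripting", "debugger"];  // assumption: review list

// True if a Chrome match pattern such as "https://*.example.com/*" covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\/.*$/.exec(pattern);
  if (!m) return false;
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return patHost === host;
}

// Returns { codes, review }: finding codes plus whether a human should review the extension.
function auditManifest(manifest, host = TARGET_HOST) {
  const codes = [];
  const hostPatterns = manifest.host_permissions || [];
  const onTarget = (manifest.content_scripts || []).filter((cs) =>
    (cs.matches || []).some((p) => patternCoversHost(p, host)));
  const sensitive = (manifest.permissions || []).filter((p) => SENSITIVE.includes(p));

  if (hostPatterns.some((p) => patternCoversHost(p, host))) codes.push("host-access");
  if (hostPatterns.some((p) => p === "<all_urls>" || /^[^:]+:\/\/\*\//.test(p))) codes.push("all-sites");
  if (onTarget.length) codes.push("content-script");
  // world "MAIN" places the script in the page's own JavaScript context.
  if (onTarget.some((cs) => cs.world === "MAIN")) codes.push("main-world");
  for (const p of sensitive) codes.push("perm:" + p);

  const reach = codes.includes("host-access") || codes.includes("content-script");
  const capability = sensitive.length > 0 || onTarget.length > 0;
  return { codes, review: reach && capability };
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLES = {
  "ai-helper": { manifest_version: 3, permissions: ["storage", "webRequest", "scripting"],
    host_permissions: ["https://chatgpt.com/*"],
    content_scripts: [{ matches: ["https://chatgpt.com/*"], js: ["inject.js"], world: "MAIN" }] },
  "notes-tool": { manifest_version: 3, permissions: ["storage"],
    host_permissions: ["https://example.org/*"],
    content_scripts: [{ matches: ["https://*.example.org/*"], js: ["cs.js"] }] },
  "broad-tool": { manifest_version: 3, permissions: ["cookies"], host_permissions: ["<all_urls>"] },
};
for (const [name, manifest] of Object.entries(SAMPLES)) {
  const { codes, review } = auditManifest(manifest);
  console.log(name, review ? "REVIEW" : "ok", codes.join(", "));
}
```

A `review` result only means the manifest grants enough access to read an authenticated ChatGPT session; a legitimate helper can trigger it too, so the flag is a prompt to inspect the extension's publisher and code, not a verdict.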