A phishing campaign targeting figures in the cryptocurrency industry has come to light after researcher José A. Gómez Ledesma of the Quetzal team reported a string of attacks masquerading as invitations to appear on the popular Empire podcast. Scammers cultivate the illusion of genuine contact with the show’s hosts, approach potential victims via social media, and offer to discuss participation on air. Supposedly using platforms such as Streamyard or Huddle for the interviews, they instead funnel invitees to counterfeit websites that perfectly mimic those services’ interfaces.
When a victim attempts to connect, the site displays a bogus error — “browser unsupported” or “connection unavailable” — and prompts the user to download a bespoke client application. In reality, the victim retrieves a DMG bundle presented as Streamyard or Huddle, which conceals the AMOS Stealer malware crafted specifically to compromise macOS systems.
Installing the DMG triggers a multi-stage command chain that performs elaborate decoding of embedded content. The disk image contains an obfuscated Bash script encoded in Base64, which then undergoes XOR decryption via Perl and a second Base64 decode. The outcome of these steps is an AppleScript that locates a hidden executable within the mounted volume. The mounted volumes carry names such as .Huddle or .Streamyard — the leading dot marks them as hidden on Unix-like systems — and the malicious payload, AMOS Stealer, resides within those concealed volumes.
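The layered Base64 / XOR / Base64 wrapping described above is what an analyst has to peel back before the AppleScript stage becomes readable. The following triage helper is an added example, not code from the report or from the malware: it strips nested Base64 and single-byte XOR layers from a suspect blob and then lists references to dot-prefixed volumes under /Volumes. The inner script, the hidden binary's name and the XOR key are constructed stand-ins, since the page does not publish them.

```python
import base64
import re
import string

# Constructed stand-in for the AppleScript stage the report describes. The real
# script, the hidden binary's name and the XOR key (0x5A here) are assumptions.
INNER_STAGE = 'do shell script "/Volumes/.Huddle/PLACEHOLDER_HIDDEN_BINARY"'
_PRINTABLE = set(string.printable.encode())

def _xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def build_sample(key: int = 0x5A) -> str:
    """Wrap INNER_STAGE as the article describes (base64 -> XOR -> base64),
    purely so the analyser below has a realistic input to work on."""
    inner_b64 = base64.b64encode(INNER_STAGE.encode())
    return base64.b64encode(_xor(inner_b64, key)).decode()

def _is_b64(data: bytes) -> bool:
    try:
        base64.b64decode(data, validate=True)
        return len(data) >= 8
    except Exception:
        return False

def _is_text(data: bytes) -> bool:
    return bool(data) and all(b in _PRINTABLE for b in data)

def _find_xor_key(data: bytes):
    """Single-byte key whose output is base64 that decodes to readable text."""
    for key in range(1, 256):
        cand = _xor(data, key)
        if _is_b64(cand) and _is_text(base64.b64decode(cand, validate=True)):
            return key
    return None

def peel(blob: str, max_layers: int = 6):
    """Strip nested base64 / single-byte XOR layers; return (final text, steps)."""
    data, steps = blob.strip().encode(), []
    for _ in range(max_layers):
        if _is_b64(data):
            data = base64.b64decode(data, validate=True)
            steps.append("base64")
            continue
        if _is_text(data):
            break  # readable stage reached (the AppleScript in the real chain)
        key = _find_xor_key(data)
        if key is None:
            break  # not a layer this helper understands
        data = _xor(data, key)
        steps.append(f"xor:0x{key:02x}")
    return data.decode("utf-8", "replace"), steps

def hidden_volume_refs(text: str) -> list:
    """Paths into dot-prefixed (hidden) mounted volumes, e.g. /Volumes/.Huddle."""
    return sorted(set(re.findall(r"/Volumes/\.[^\s\"'/]+", text)))
```

The XOR key is recovered by brute force rather than read from the Perl stage, so the helper also works when that stage has been stripped from the sample.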
This stealer is actively used by threat actors to exfiltrate sensitive material — from saved browser credentials and session tokens to banking app data and cryptocurrency wallets. Stolen artifacts are often traded on darknet forums, sometimes at prices lower than the cost of a meal. AMOS has been observed in prior campaigns that deployed fake tools like DeepSeek and is notable for masquerading as a range of trusted applications.
The latest wave of podcast-themed lures continues a pattern of increasingly sophisticated, highly targeted schemes aimed at the crypto community. Only weeks ago, a similar campaign impersonated CoinMarketCap journalists to approach industry executives. Modern attacks are meticulously personalized: spoofed pages replicate the appearance of legitimate platforms with pixel-perfect fidelity, and social-media outreach is engineered to engender trust. A victim receives a bespoke message, an invitation to an interview, and a supposedly official link — everything appears authentic until the moment the malicious file is downloaded.
Quetzal has published hashes for several disk images that distributed AMOS, including artifacts labeled Huddle.Iwv and Streamyard.ZTz, and has identified lure domains such as streamyard.ai and huddle01.com. Their report includes technical indicators of compromise and SHA-256 checksums for all known malicious files involved in this infection chain.
The use of Empire Podcast branding and the faithful imitation of Streamyard and Huddle interfaces make the ruse particularly convincing: every step — from the initial social-media exchange to the final installation — is engineered to appear legitimate. Although this campaign targets only macOS, that platform is widely used among Web3 developers and traders, which enhances the scheme’s effectiveness.