If you are a proud owner of a Chromebook or are in the hunt of buying one, you might have heard some praising reviews of how well it is optimized for the internet. The Chromebook runs on a Linux-based operating system called the Chrome OS.
While the system software is relatively new, rumours about its security have already surfaced on the internet that were enough to create panic and confusion amongst its users. So, since the question of whether Chromebooks need an antivirus or not, still remains unanswered for many, we would like to keep the answer short an simple – NO, you do not need an antivirus for Chromebook.
In reality, you would actually have a hard time finding one anywhere and if you do, it probably is just generic security software. As a matter of fact, this is one of the biggest reasons, coupled with its price why many choose the Chromebook over a Windows based laptop.
Why doesn’t the Chromebook need any security?
The Chromebook was designed specifically for having a better browsing and internet experience, predominantly utilizing the Google Chrome browser. In order to achieve that, one of the most vital factors Google had to look into, was protecting it from malware and other malignant threats.
While Google Chrome itself is a genuinely secure and stable browser on all platforms, the tech giant took an extra step in ensuring it was designed to safeguard itself properly from any exploitation. One of the ways Google was able to achieve that, was by adding a security feature called process isolation. It works something like this. A cyber attacker tries to exploit a device through a web page the user is visiting.
Once he is successful, he can jump and access an adjacent tab where there might be some sensitive data to capitalize on. With process isolation, even if one tab somehow gets compromised, it wouldn’t be possible to latch on the next, making it impossible to see anything else on the computer.
If however, cyber criminals do find an exploit in the future, how is it going to affect the Chromebook?
As of now, Chrome OS is protected from viruses, trojans, malware and ransomware. If however, in the future, a loophole is found there is less of a worry than if the same would have happened on a PC or a Mac. The reason is obvious – all your files and important data are always automatically backed up to the cloud. Unless there is someone who can exploit that, you can be assured your data is well secured.
Even if a Chromebook, somehow in the future does get infected by a virus, all you would have to do is reset it back to its factory settings and recover all your data through the cloud.
I feel there is something wrong with my Chromebook. Can I be assured it is not a virus?
No matter how safe and secure Chromebooks happen to be, it wouldn’t be right to part ways with caution so early. It is apparently next to impossible that your device could be affected by a virus. If you feel your Chromebook is acting strange, it is possibly due to one of the following 2 reasons:
Malicious Extensions: Though very rare, if however, your Chromebook starts to behave unusually, its likely that it has been targeted by a malicious Google Chrome browser extension. Even though extensions are seriously monitored for suspicious behavior, it is advisable not to install one if you are not familiar with the source.
In fact, before installing, you should check what permissions and rights the extension requires. If somehow you feel that an extension is responsible for your Chromebook’s strange behavior, all you have to do is turn off extension syncing in the settings and reset your Chromebook.
Browser Hijack: Browser Hijack is rather a cunning scam where fraudsters try to gain control over the browser you are using by locking it. They then convince you to pay in order to continue using it. If this or something similar ever happens to you, remember one thing – DO NOT PAY ANYTHING!
Google doesn’t charge its users for access to the browser. If by some means you enter a website that tries to hijack your browser, all that is required is resetting your device. However, keep in mind not to restore Google Chrome to its previous configuration when launching it again.
Does that mean apart from couple of potential minor threats my Chromebook is well secured?
Although we believe you don’t need antivirus for Chromebook, We did mention it is still too early to part ways with caution, didn’t we? Well, we haven’t finished saying that yet. Just because your Chromebook cannot be infected by a virus, doesn’t mean you shouldn’t take precautions against having your data stolen. There are scammers and hackers all around the internet looking to trap naive users.
Spam emails are the biggest security concerns we haven’t still been able to defeat, the most common being phishing emails. The idea is really simple. Cyber culprits design a clone copy of a popular website convincing you to believe that nothing wrong is happening while you enter your username and password to register or log in. Once you click the ‘login’ or ‘sign up’ button, we have a rewarded culprit and an oblivious victim.
The information you entered thinking you are signing up or logging in are now in the hands of someone you would not want it to be. One of the most common tasks users perform on the internet is online banking and shopping. If you have extensions installed and are worried that one or more of them might be devious, carry out such operations in incognito mode. This may be helpful as it disables all extensions by default. For more information on what to look out for see our article – What internet security threats to look out for in 2018?
Keep your passwords strong, use a password manager and never click on emails that look spam or are not familiar to you. Your computer is already a profoundly sophisticated machine when it comes to stability and security. All that is required is a little common sense and precaution while operating it; as the biggest security worries of today are not the computer, but the user itself.
Regulators in the UK have taken a step closer to formal crypto oversight. The Financial Conduct Authority (FCA) has opened consultations on new rules governing stablecoins and the custody of digital assets. The proposals are part of an effort to establish a safer, more transparent environment for crypto services…
Published
1 week ago
in
By
Regulators in the UK have taken a step closer to
formal crypto oversight. The Financial Conduct Authority (FCA) has opened consultations on new rules governing stablecoins and the custody of
digital assets. The proposals are part of an effort to establish a
safer, more transparent environment for crypto services… Read More
close Video Deepfake technology ‘is getting so easy now’: Cybersecurity expert Cybersecurity expert Morgan Wright breaks down the dangers of deepfake video technology on ‘Unfiltered.’ NEWYou can now listen to Fox News articles! Imagine your phone rings and the voice on the other end sounds just like your boss, a close friend, or even a
Published
1 week ago
in
By
close
Video
Deepfake technology ‘is getting so easy now’: Cybersecurity expert
Cybersecurity expert Morgan Wright breaks down the dangers of deepfake video technology on ‘Unfiltered.’
NEWYou can now listen to Fox News articles!
Imagine your phone rings and the voice on the other end sounds just like your boss, a close friend, or even a government official. They urgently ask for sensitive information, except it’s not really them. It’s a deepfake, powered by AI, and you’re the target of a sophisticated scam. These kinds of attacks are happening right now, and they’re getting more convincing every day.
That’s the warning sounded by the 2025 AI Security Report, unveiled at the RSA Conference (RSAC), one of the world’s biggest gatherings for cybersecurity experts, companies, and law enforcement. The report details how criminals are harnessing artificial intelligence to impersonate people, automate scams, and attack security systems on a massive scale.
From hijacked AI accounts and manipulated models to live video scams and data poisoning, the report paints a picture of a rapidly evolving threat landscape, one that’s touching more lives than ever before.
Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts, and exclusive deals – plus instant access to my free Ultimate Scam Survival Guide when you sign up!
Illustration of cybersecurity risks.(Kurt “CyberGuy” Knutsson)
AI tools are leaking sensitive data
One of the biggest risks of using AI tools is what users accidentally share with them. A recent analysis by cybersecurity firm Check Point found that 1 in every 80 AI prompts includes high-risk data, and about 1 in 13 contains sensitive information that could expose users or organizations to security or compliance risks.
This data can include passwords, internal business plans, client information, or proprietary code. When shared with AI tools that are not secured, this information can be logged, intercepted, or even leaked later.
Deepfake scams are now real-time and multilingual
AI-powered impersonation is getting more advanced every month. Criminals can now fake voices and faces convincingly in real time. In early 2024, a British engineering firm lost 20 million pounds after scammers used live deepfake video to impersonate company executives during a Zoom call. The attackers looked and sounded like trusted leaders and convinced an employee to transfer funds.
Real-time video manipulation tools are now being sold on criminal forums. These tools can swap faces and mimic speech during video calls in multiple languages, making it easier for attackers to run scams across borders.
Illustration of a person video conferencing on their laptop.(Kurt “CyberGuy” Knutsson)
AI is running phishing and scam operations at scale
Social engineering has always been a part of cybercrime. Now, AI is automating it. Attackers no longer need to speak a victim’s language, stay online constantly, or manually write convincing messages.
Tools like GoMailPro use ChatGPT to create phishing and spam emails with perfect grammar and native-sounding tone. These messages are far more convincing than the sloppy scams of the past. GoMailPro can generate thousands of unique emails, each slightly different in language and urgency, which helps them slip past spam filters. It is actively marketed on underground forums for around $500 per month, making it widely accessible to bad actors.
Another tool, the X137 Telegram Console, leverages Gemini AI to monitor and respond to chat messages automatically. It can impersonate customer support agents or known contacts, carrying out real-time conversations with multiple targets at once. The replies are uncensored, fast, and customized based on the victim’s responses, giving the illusion of a human behind the screen.
AI is also powering large-scale sextortion scams. These are emails that falsely claim to have compromising videos or photos and demand payment to prevent them from being shared. Instead of using the same message repeatedly, scammers now rely on AI to rewrite the threat in dozens of ways. For example, a basic line like “Time is running out” might be reworded as “The hourglass is nearly empty for you,” making the message feel more personal and urgent while also avoiding detection.
By removing the need for language fluency and manual effort, these AI tools allow attackers to scale their phishing operations dramatically. Even inexperienced scammers can now run large, personalized campaigns with almost no effort.
Stolen AI accounts are sold on the dark web
With AI tools becoming more popular, criminals are now targeting the accounts that use them. Hackers are stealing ChatGPT logins, OpenAI API keys, and other platform credentials to bypass usage limits and hide their identity. These accounts are often stolen through malware, phishing, or credential stuffing attacks. The stolen credentials are then sold in bulk on Telegram channels and underground forums. Some attackers are even using tools that can bypass multi-factor authentication and session-based security protections. These stolen accounts allow criminals to access powerful AI tools and use them for phishing, malware generation, and scam automation.
WHAT TO DO IF YOUR PERSONAL INFORMATION IS ON THE DARK WEB
Illustration of a person signing into their laptop.(Kurt “CyberGuy” Knutsson)
MALWARE STEALS BANK CARDS AND PASSWORDS FROM MILLIONS OF DEVICES
Jailbreaking AI is now a common tactic
Criminals are finding ways to bypass the safety rules built into AI models. On the dark web, attackers share techniques for jailbreaking AI so it will respond to requests that would normally be blocked. Common methods include:
Telling the AI to pretend it is a fictional character that has no rules or limitations
Phrasing dangerous questions as academic or research-related scenarios
Asking for technical instructions using less obvious wording so the request doesn’t get flagged
Some AI models can even be tricked into jailbreaking themselves. Attackers prompt the model to create input that causes it to override its own restrictions. This shows how AI systems can be manipulated in unexpected and dangerous ways.
AI-generated malware is entering the mainstream
AI is now being used to build malware, phishing kits, ransomware scripts, and more. Recently, a group called FunkSac was identified as the leading ransomware gang using AI. Its leader admitted that at least 20% of their attacks are powered by AI. FunkSec has also used AI to help launch attacks that flood websites or services with fake traffic, making them crash or go offline. These are known as denial-of-service attacks. The group even created its own AI-powered chatbot to promote its activities and communicate with victims on its public website..
Some cybercriminals are even using AI to help with marketing and data analysis after an attack. One tool called Rhadamanthys Stealer 0.7 claimed to use AI for “text recognition” to sound more advanced, but researchers later found it was using older technology instead. This shows how attackers use AI buzzwords to make their tools seem more advanced or trustworthy to buyers.
Other tools are more advanced. One example is DarkGPT, a chatbot built specifically to sort through huge databases of stolen information. After a successful attack, scammers often end up with logs full of usernames, passwords, and other private details. Instead of sifting through this data manually, they use AI to quickly find valuable accounts they can break into, sell, or use for more targeted attacks like ransomware.
Get a free scan to find out if your personal information is already out on the web
Poisoned AI models are spreading misinformation
Sometimes, attackers do not need to hack an AI system. Instead, they trick it by feeding it false or misleading information. This tactic is called AI poisoning, and it can cause the AI to give biased, harmful, or completely inaccurate answers. There are two main ways this happens:
Training poisoning: Attackers sneak false or harmful data into the model during development
Retrieval poisoning: Misleading content online gets planted, which the AI later picks up when generating answers
In 2024, attackers uploaded 100 tampered AI models to the open-source platform Hugging Face. These poisoned models looked like helpful tools, but when people used them, they could spread false information or output malicious code.
A large-scale example came from a Russian propaganda group called Pravda, which published more than 3.6 million fake articles online. These articles were designed to trick AI chatbots into repeating their messages. In tests, researchers found that major AI systems echoed these false claims about 33% of the time.
Illustration of a hacker at work(Kurt “CyberGuy” Knutsson)
HOW SCAMMERS USE AI TOOLS TO FILE PERFECT-LOOKING TAX RETURNS IN YOUR NAME
How to protect yourself from AI-driven cyber threats
AI-powered cybercrime blends realism, speed, and scale. These scams are not just harder to detect. They are also easier to launch. Here’s how to stay protected:
1) Avoid entering sensitive data into public AI tools: Never share passwords, personal details, or confidential business information in any AI chat, even if it seems private. These inputs can sometimes be logged or misused.
2) Use strong antivirus software: AI-generated phishing emails and malware can slip past outdated security tools. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices.
3) Turn on two-factor authentication (2FA):2FA adds an extra layer of protection to your accounts, including AI platforms. It makes it much harder for attackers to break in using stolen passwords.
4) Be extra cautious with unexpected video calls or voice messages: If something feels off, even if the person seems familiar, verify before taking action. Deepfake audio and video can sound and look very real.
5) Use a personal data removal service: With AI-powered scams and deepfake attacks on the rise, criminals are increasingly relying on publicly available personal information to craft convincing impersonations or target victims with personalized phishing. By using a reputable personal data removal service, you can reduce your digital footprint on data broker sites and public databases. This makes it much harder for scammers to gather the details they need to convincingly mimic your identity or launch targeted AI-driven attacks.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap – and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.
6) Consider identity theft protection: If your data is leaked through a scam, early detection is key. Identity protection services can monitor your information and alert you to suspicious activity. Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
7) Regularly monitor your financial accounts: AI-generated phishing, malware, and account takeover attacks are now more sophisticated and widespread than ever, as highlighted in the 2025 AI Security Report. By frequently reviewing your bank and credit card statements for suspicious activity, you can catch unauthorized transactions early, often before major damage is done. Quick detection is crucial, especially since stolen credentials a
Speaking at a side event during the Bitcoin 2025 conference in Las Vegas, Saylor called the transparency trend “a bad idea.” He warned that proof of reserves could endanger investors and institutions alike. “Publishing wallet addresses is like handing over a treasure map,” Saylor said. “It dilutes the security of the issuer…
Published
2 weeks ago
in
By
Speaking at a side event during the Bitcoin 2025 conference in Las Vegas, Saylor called the transparency trend “a bad idea.” He warned that proof of reserves could endanger investors and institutions alike. “Publishing wallet addresses is like handing over a treasure map,” Saylor said. “It dilutes the security of the issuer… Read More
Key Takeaways Hackers compromised Migos’ Instagram to expose Solana co-founder Raj Gokal’s personal data. A 40 Bitcoin ransom was demanded by the attackers who threatened Gokal after the breach. Share this article The official Instagram account of the famous hip-hop group Migos was apparently hacked on Monday, with the page briefly turning into a leaked
Published
2 weeks ago
in
By
Key Takeaways
Hackers compromised Migos’ Instagram to expose Solana co-founder Raj Gokal’s personal data.
A 40 Bitcoin ransom was demanded by the attackers who threatened Gokal after the breach.
Share this article
The official Instagram account of the famous hip-hop group Migos was apparently hacked on Monday, with the page briefly turning into a leaked site for sensitive personal information belonging to Solana co-founder Raj Gokal.
According to Andy, co-founder of The Rollup, the compromised account, which has over 13 million followers, posted a series of photos of alleged IDs, passport scans, and other private data linked to Gokal and another individual identified as “Arvind.”
BREAKING:
Famous rapper ‘Migos’ IG account appears to be hacked and has posted photos of Solana co-founder @rajgokal ID, passport, & more with sensitive info leaked.
Caption reads “you should’ve paid the 40 btc” which reads like a failed bribe. pic.twitter.com/HM9y2XRjMa
— Andy (@ayyyeandy) May 27, 2025
The leaked documents were paired with threatening captions and explicit references to an unpaid crypto ransom, including one post stating, “you should’ve paid the 40 btc,” indicating a failed extortion effort.
The hackers also modified the account’s bio to promote a meme coin scam and shared Telegram links and audio files. One post taunted the victims by referencing their Solana token holdings.
Andy said that the compromised content was visible for about 90 minutes before removal.
Commenting on Andy’s report, blockchain investigator ZachXBT noted that the extortion attempt appeared to follow a week of coordinated social engineering efforts targeting Raj Gokal.
Thanks for actually blurring the personal info unlike every other account on CT.
Think Raj’s personal accounts got social engineered and they tried to extort him for funds with the PII obtained. Guess he didn’t pay so they started trolling and posted it after they compromised… pic.twitter.com/Cj2a2yAFa6
— ZachXBT (@zachxbt) May 27, 2025
Gokal has not released an official statement. However, his earlier X posts indicated awareness of attempts to breach his personal and professional systems prior to the incident.
Migos’ Instagram account has since returned to normal operation.
