Infostealing malware masquerading as generative AI tools - Help ...
Over the past six months, there has been a notable surge in Android financial threats – malware targeting victims’ mobile banking funds, whether in the form of ‘traditional’ banking malware or, more recently, cryptostealers, according to ESET.

Impersonating Generative AI Tools
Infostealing malware can now be found impersonating generative AI tools, and the new mobile malware GoldPickaxe is capable of stealing facial recognition data to create deepfake videos, which the malware’s operators use to authenticate fraudulent financial transactions.
Targeting Specific Regions
Cracked video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as the RedLine Stealer, which saw several detection spikes in H1 2024 in ESET telemetry. GoldPickaxe has both Android and iOS versions and has been targeting victims in Southeast Asia through localized malicious apps.

"GoldPickaxe has both Android and iOS versions and has been targeting victims in Southeast Asia through localized malicious apps. As ESET researchers investigated this malware family, they discovered that an older Android sibling of GoldPickaxe, called GoldDiggerPlus, has also spread to Latin America and South Africa by actively targeting victims in these regions," explains Jiří Kropáč, Director of ESET Threat Detection.
Abusing the AI Theme
In recent months, infostealing malware also began to utilize the impersonation of generative AI tools. Rilide Stealer was spotted misusing the names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to entice potential victims.

Since 2023, ESET Research has increasingly seen cybercriminals abusing the AI theme – a trend that is expected to continue.
Impact on Gaming Enthusiasts
Gaming enthusiasts who ventured out of the official gaming ecosystem were attacked by infostealers, as some cracked video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as Lumma Stealer and RedLine Stealer.
Ransomware and WordPress Vulnerabilities
Balada Injector, a gang notorious for exploiting WordPress plug-in vulnerabilities, continued to run rampant in the first half of 2024, compromising over 20,000 websites and racking up over 400,000 hits in ESET telemetry for the variants used in the gang’s recent campaign. On the ransomware scene, former leading player LockBit was knocked off its pedestal by Operation Chronos, a global disruption conducted by law enforcement in February 2024.