ESET Threat Report: Infostealers using AI & banking malware creating deepfake videos to steal money

0
72
ESET Threat Report: Infostealers using AI & banking malware creating deepfake videos to steal money
ESET Threat Report: Infostealers using AI & banking malware creating deepfake videos to steal money
Infostealers started to impersonate generative AI tools such as Midjourney, Sora, and Gemini.
  • ESET has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of ESET experts, from December 2023 through May 2024.
  • Infostealers started to impersonate generative AI tools such as Midjourney, Sora, and Gemini.
  • The new mobile malware GoldPickaxe is capable of stealing facial recognition data to create deep-fake videos.
  • RedLine Stealer saw several detection spikes in ESET H1 2024 telemetry, caused by campaigns in Spain, Japan, and Germany.
  • Balada Injector, a gang notorious for exploiting WordPress plugin vulnerabilities, continued to run rampant in the first half of 2024, compromising over 20,000 websites as ESET telemetry detected 400,000 hits.

Dubai, UAE, July 4, 2024: ESET has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from December 2023 through May 2024. These past six months have painted a dynamic landscape of Android financial threats and malware going after victims’ mobile banking funds, be they in the form of “traditional” banking malware or, more recently, cryptostealers.

Infostealing malware can now be found impersonating generative AI tools, and new mobile malware GoldPickaxe is capable of stealing facial recognition data to create deepfake videos used by the malware’s operators to authenticate fraudulent financial transactions. Video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as the RedLine Stealer, which saw several detection spikes in H1 2024 in ESET telemetry.

“GoldPickaxe has both Android and iOS versions and has been targeting victims in Southeast Asia through localized malicious apps. As ESET researchers investigated this malware family, they discovered that an older Android sibling of GoldPickaxe, called GoldDiggerPlus, has also tunneled its way to Latin America and South Africa by actively targeting victims in these regions,” explains Jiří Kropáč, Director of ESET Threat Detection.

In recent months, Infostealing malware has also begun to utilize the impersonation of generative AI tools. In H1 2024, Rilide Stealer was spotted misusing the names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to entice potential victims. In another malicious campaign, the Vidar infostealer was lurking behind a supposed Windows desktop app for AI image generator Midjourney, even though Midjourney’s AI model is only accessible via Discord. Since 2023, ESET Research has increasingly seen cybercriminals abusing the AI theme, a trend that is expected to continue.

Gaming enthusiasts who ventured out of the official gaming ecosystem were attacked by infostealers, as some cracked video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as Lumma Stealer and RedLine Stealer. RedLine Stealer saw several detection spikes in H1 2024 in ESET telemetry, caused by campaigns in Spain, Japan, and Germany. Its recent waves were so significant that RedLine Stealer detections in H1 2024 surpassed those from H2 2023 by a third.

Balada Injector, a gang notorious for exploiting WordPress plug-in vulnerabilities, continued to run rampant in the first half of 2024, compromising over 20,000 websites and racking up over 400,000 hits in ESET telemetry for the variants used in the gang’s recent campaign. On the ransomware scene, former leading player LockBit was knocked off its pedestal by Operation Chronos, a global disruption conducted by law enforcement in February 2024. Although ESET telemetry recorded two notable LockBit campaigns in H1 2024, these were found to be the result of non-LockBit gangs using the leaked LockBit builder.

The ESET Threat Report features news about a recently released deep-dive investigation into one of the most advanced server-side malware campaigns, which is still growing—the Ebury Group, with their malware and botnet. Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023.

Also readThe future of retail is all about tech-driven personalization and convenience, says Amit Kriplani, CTO at ace turtle

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.