ESET has released its latest Threat Report, which summarizes trends in the threat landscape observed in ESET telemetry from December 2023 to May 2024, as well as the perspective of both ESET's threat detection and research experts.
The past six months have painted a dynamic landscape of Android financial threats: malware targeting victims' mobile banking funds, in the form of “traditional” banking malware and, more recently, cryptostealers. We've seen information-stealing malware masquerading as generative AI tools, and a new mobile malware family, GoldPickaxe, steals facial recognition data to create deepfake videos that its operators use to authenticate fraudulent financial transactions. Cheat tools for video games and online multiplayer games have recently been found to contain information-stealing malware such as RedLine Stealer, which saw a sharp increase in detections in ESET telemetry in the first half of 2024.
“GoldPickaxe is available for Android and iOS and targets victims in Southeast Asia through localized malicious apps. When ESET researchers investigated this malware family, they found that GoldPickaxe's older Android version, GoldDiggerPlus, was also actively targeting victims in Latin America and South Africa, making inroads in those regions,” explains Jiří Kropáč, Director of Threat Detection at ESET.
In recent years, infostealing malware has also begun to spoof generative AI tools. In the first half of 2024, Rilide Stealer was spotted abusing the names of generative AI assistants such as OpenAI's Sora and Google's Gemini to lure potential victims. In another malicious campaign, the Vidar infostealer was hiding behind a purported Windows desktop app for the AI image generator Midjourney, even though Midjourney's AI models were only accessible via Discord. Since 2023, ESET research has seen an increase in cybercriminals abusing AI themes, and this trend is expected to continue.
Game enthusiasts outside the official gaming ecosystem have come under attack by infostealers, as some cracked video games and cheat tools used in online multiplayer games have recently been found to contain infostealer malware, such as Lumma Stealer and RedLine Stealer. RedLine Stealer has seen several spikes in detections in the first half of 2024 in ESET telemetry, due to campaigns in Spain, Japan and Germany. The most recent wave has been so large that RedLine Stealer detections in the first half of 2024 exceeded those in the second half of 2023 by a third.
Balada Injector, a gang notorious for exploiting vulnerabilities in WordPress plugins, continued to rampage in the first half of 2024, compromising over 20,000 websites and recording over 400,000 hits on ESET telemetry for variants used in the gang's recent campaigns. In the ransomware field, LockBit, a former major player, was dethroned in February 2024 by Operation Chronos, a global disruption carried out by law enforcement agencies. ESET telemetry recorded two notable LockBit campaigns in the first half of 2024, which turned out to be the result of non-LockBit gangs using leaked LockBit builders.
The ESET Threat Report also covers ESET's recently published in-depth investigation into the malware and botnet of the Ebury group, one of the most sophisticated server-side malware campaigns still in operation. Over the years, Ebury has been deployed as a backdoor to compromise approximately 400,000 Linux, FreeBSD and OpenBSD servers, with over 100,000 still compromised as of the end of 2023.
For more information, see the ESET Threat Report H1 2024 on WeLiveSecurity.com.
Image credit: ESET