ESET Threat Report: Data thieves use AI and banking malware to create deepfake videos to steal money


Infostealers have begun masquerading as generative AI tools such as Midjourney, Sora, and Gemini.
  • ESET has released its latest threat report, which summarizes trends in the threat landscape from December 2023 to May 2024 based on ESET telemetry and from the perspective of ESET experts.
  • New mobile malware, GoldPickaxe, can steal facial recognition data and create deepfake videos.
  • RedLine Stealer recorded multiple detection spikes in ESET H1 2024 telemetry, driven by campaigns in Spain, Japan and Germany.
  • Balada Injector, notorious for exploiting vulnerabilities in WordPress plugins, continued to wreak havoc in the first half of 2024, compromising more than 20,000 websites and registering 400,000 hits in ESET telemetry.

Dubai, United Arab Emirates, July 4, 2024: ESET has published its latest threat report, which compiles trends in the threat landscape from the perspective of ESET telemetry and ESET threat detection and research experts from December 2023 to May 2024. The past six months have painted a dynamic picture of Android financial threats and malware targeting victims' mobile banking funds, whether in the form of “traditional” banking malware or, more recently, cryptostealers.

We are seeing information-stealing malware masquerading as generative AI tools, with new mobile malware GoldPickaxe able to steal facial recognition data and create deepfake videos that malware operators use to authenticate fraudulent financial transactions. Video games and cheating tools used in online multiplayer games have recently been found to contain information-stealing malware such as RedLine Stealer, which saw a sharp increase in detections in the first half of 2024 in ESET telemetry.

“GoldPickaxe is available for Android and iOS and targets victims in Southeast Asia through localized malicious apps. When ESET researchers investigated this malware family, they found that GoldPickaxe's older Android version, GoldDiggerPlus, was also actively targeting victims in Latin America and South Africa, making inroads in those regions,” explains Jiří Kropáč, Director of Threat Detection at ESET.

In recent years, infostealing malware has also begun to spoof generative AI tools. In the first half of 2024, Rilide Stealer was spotted abusing the names of generative AI assistants such as OpenAI's Sora and Google's Gemini to lure potential victims. In another malicious campaign, the Vidar infostealer was hiding behind the Windows desktop app of the AI image generator Midjourney, whose AI models were only accessible via Discord. Since 2023, ESET research has seen an increase in cybercriminals abusing AI themes, and this trend is expected to continue.

Gamers outside the official gaming ecosystem have come under attack from infostealers, as some cracked video games and cheat tools used in online multiplayer games have recently been found to contain infostealer malware, such as Lumma Stealer and RedLine Stealer. RedLine Stealer has seen several spikes in detections in ESET telemetry in the first half of 2024, driven by campaigns in Spain, Japan and Germany. The most recent wave has been so large that RedLine Stealer detections in the first half of 2024 exceeded those in the second half of 2023 by a third.

Balada Injector, a gang notorious for exploiting vulnerabilities in WordPress plugins, continued to rage in the first half of 2024, compromising over 20,000 websites, with the variants used in the gang's latest campaigns recording over 400,000 hits in ESET telemetry. In the ransomware world, LockBit, a former major player, was dethroned by Operation Chronos, a global disruption carried out by law enforcement agencies in February 2024. ESET telemetry recorded two notable LockBit campaigns in the first half of 2024, which turned out to be the work of non-LockBit gangs using leaked LockBit builders.

The ESET Threat Report covers a recently published in-depth investigation into the Ebury group and its malware and botnet, which represent one of the most sophisticated server-side malware campaigns currently operating. Over the years, Ebury has deployed a backdoor to compromise approximately 400,000 Linux, FreeBSD and OpenBSD servers, with over 100,000 still compromised as of the end of 2023.
