Intelligent CIO Africa Issue 91 | Page 60

INTELLIGENT BRANDS // Enterprise Security

Infostealing malware impersonating GenAI tools, GoldPickaxe stealing facial data to create deepfake videos, finds ESET

ESET released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from December 2023 through May 2024. These past six months painted a dynamic landscape of Android financial threats, malware going after victims’ mobile banking funds – be they in the form of traditional banking malware or, more recently, cryptostealers.

Infostealing malware can now be found impersonating generative AI tools, and new mobile malware GoldPickaxe is capable of stealing facial recognition data to create deepfake videos used by the malware’s operators to authenticate fraudulent financial transactions.

Video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as the RedLine Stealer, which saw several detection spikes in H1 2024 in ESET telemetry.

“GoldPickaxe has both Android and iOS versions and has been targeting victims in Southeast Asia through localised malicious apps. As ESET researchers investigated this malware family, they discovered that an older Android sibling of GoldPickaxe, called GoldDiggerPlus, has also tunnelled its way to Latin America and South Africa by actively targeting victims in these regions,” explains Jiří Kropáč, Director of ESET Threat Detection.

In another malicious campaign, the Vidar infostealer was lurking behind a supposed Windows desktop app for AI image generator Midjourney – even though Midjourney’s AI model is only accessible via Discord. Since 2023, ESET Research has increasingly seen cybercriminals abusing the AI theme – a trend that is expected to continue.

Gaming enthusiasts who ventured out of the official gaming ecosystem were attacked by infostealers, as some cracked video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as Lumma Stealer and RedLine Stealer.
In recent months, infostealing malware also began to utilise the impersonation of generative AI tools. In H1 2024, Rilide Stealer was spotted misusing the names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to entice potential victims.
RedLine Stealer saw several detection spikes in H1 2024 in ESET telemetry, caused by campaigns in Spain, Japan, and Germany. Its recent waves were so significant that RedLine Stealer detections in H1 2024 surpassed those from H2 2023 by a third.

Balada Injector, a gang notorious for exploiting WordPress plugin vulnerabilities, continued to run rampant in the first half of 2024, compromising over 20,000 websites and racking up over 400,000 hits in ESET telemetry for the variants used in the gang’s recent campaign.

On the ransomware scene, former player LockBit was knocked off its pedestal by Operation Chronos, a global disruption conducted by law enforcement in February 2024. Although ESET telemetry recorded two notable LockBit campaigns in H1 2024, these were found to be the result of non-LockBit gangs using the leaked LockBit builder.
Jiří Kropáč, Director of Threat Detection, ESET

Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023.