Data thieves are now also relying on generative AI tools such as Midjourney, Sora and Gemini to deceive people. This is how malicious mobile software steals facial recognition data to create deepfakes in order to steal money. This is what ESET’s brand new Threat Report reveals.
In its recent Threat Report, security vendor ESET outlines some new trends in cybercrime. What is particularly striking is the arrival of data-stealing malware in the form of generative AI tools. In the first half of 2024, Rilide Stealer appeared, which abused the names of generative AI assistants such as Sora and Gemini to lure potential victims. In another campaign, the information stealer Vidar hid behind a supposed Windows app for Midjourney. It presents itself as a downloadable version of the AI image generator, which is normally only accessible via Discord, but which installs several malware that logs keystrokes or steals data from crypto wallets.
GoldPickaxe’s mobile malware is also used to steal facial recognition data, allowing the creation of deepfake videos, which then authenticate fraudulent financial transactions. “GoldPickaxe comes in both Android and iOS versions and targets victims in Southeast Asia via localized malicious apps. When we investigated this malware family, we discovered that GoldDiggerPlus, an older Android member of GoldPickaxe, had also made its way to Latin America and South Africa, actively targeting victims in these regions,” says Jiří Kropáč, Director of Threat Detection at ESET.
LockBit Disturbed
Additionally, the Threat Report also reveals how data-stealing malware like Lumma Stealer or RedLine Stealer is integrated into ‘cracked’ video games and cheattools. Balada Injector also remains active in exploiting vulnerabilities in WordPress modules. In the world of ransomware, leading player LockBit was dethroned by Operatie Chronos, a global disruption action executed last February by law enforcement agencies.
