Malware posing as generative AI tools stealing information

In the past six months, a significant increase in Android financial threats has been observed, with malware specifically targeting victims’ mobile banking funds. This includes traditional banking malware as well as more recent forms such as cryptostealers, as reported by ESET.

One noteworthy development is the emergence of infostealing malware impersonating generative AI tools. A new mobile malware called GoldPickaxe has the ability to steal facial recognition data to create deepfake videos, which are then used by the malware operators to authenticate fraudulent financial transactions. Additionally, there have been instances of infostealer malware, such as the RedLine Stealer, hidden within video games and cheating tools used in online multiplayer games.

ESET researchers have discovered that GoldPickaxe, which has both Android and iOS versions, is targeting victims in Southeast Asia through localized malicious apps. Furthermore, an older Android variant of GoldPickaxe known as GoldDiggerPlus has also been found targeting victims in Latin America and South Africa.

Another malware campaign involved the Vidar infostealer, which masqueraded as a Windows desktop app for an AI image generator called Midjourney. This tactic is part of a broader trend where cybercriminals are increasingly abusing the AI theme to deceive victims.

Law enforcement has also taken action against cyber threats, such as the takedown of LockBit by Operation Chronos in February 2024. Despite this disruption, ESET recorded two notable LockBit campaigns in the first half of 2024, which were attributed to non-LockBit gangs using the leaked LockBit builder.

Beyond these malware threats, the Balada Injector gang has been exploiting vulnerabilities in WordPress plug-ins, compromising over 20,000 websites and generating over 400,000 hits in ESET telemetry for their recent campaign.

Overall, the landscape of cyber threats is evolving rapidly, with malicious actors utilizing innovative tactics to target individuals and organizations. It is crucial for users to remain vigilant and take necessary precautions to protect their devices and sensitive information from these ongoing security risks.
