Info-Stealing Malware Posing as Accessibility Tools and Chrome Extensions

The first half of 2024 has witnessed a notable surge in info-stealing malware masquerading as AI tools and Chrome extensions. This trend underscores cybercriminals’ growing sophistication and adaptability, leveraging emerging technologies and popular platforms to target unsuspecting victims.

According to the ESET threat report, artificial intelligence has captivated not only the tech industry but also cybercriminals.

In H1 2024, the Rilide Stealer emerged as a notable threat, posing as generative AI assistants like OpenAI’s Sora and Google’s Gemini.

These campaigns exploited the growing interest in AI to deceive users into downloading malware-laden applications.

Similarly, the Vidar info stealer disguised itself as a Windows desktop app for the AI image generator Midjourney, even though Midjourney’s AI model is exclusively available via Discord.

This trend of exploiting AI themes is expected to persist as cybercriminals seek high returns by leveraging public interest in AI.

The deceptive use of AI branding heightens the risk of successful infections and complicates detection and mitigation efforts.

The gaming community, particularly those outside official gaming ecosystems, has increasingly become a target for infostealer malware.

Malicious software like Lumma Stealer and RedLine Stealer has been found in cracked video games and cheating tools used in online multiplayer games, compromising gamers’ personal information, including login credentials and financial data.

RedLine Stealer, especially, has seen significant detection spikes in H1 2024, with major campaigns identified in Spain, Japan, and Germany.

Despite disruptions in 2023, detections of RedLine Stealer in the first half of 2024 surpassed those in the second half of 2023 by a third, underscoring the persistent threat posed by infostealer malware within the gaming community.

GoldPickaxe, a newcomer in the realm of mobile malware, has targeted Southeast Asian victims through localized malicious apps.

This sophisticated malware can steal facial recognition data to create deepfake videos, which its operators use to authenticate fraudulent financial transactions.

GoldPickaxe exists in both Android and iOS versions, making it a versatile threat.

Additionally, ESET researchers have identified an older Android variant called GoldDiggerPlus, which has expanded its operations to Latin America and South Africa and is actively targeting victims in these regions.

The discovery of GoldPickaxe and GoldDiggerPlus underscores cybercriminals’ evolving tactics to exploit biometric data for financial gain.

In early 2024, cybercriminals have adapted their tactics, deploying AI-themed info stealers and advanced mobile malware like GoldPickaxe. The gaming community and mobile users remain primary targets, emphasizing the need for heightened vigilance and strong cybersecurity measures.


July 8th, 2024 (2024-07-09T23:24:12+05:30)

About the Author:

FirstHackersNews- Identifies Security
