ESET Threat Report Highlights Evolving Threats Targeting Mobile Devices and Financial Information

ESET’s latest Threat Report has unveiled a disturbing trend in cyber threats targeting mobile devices and financial information. The report, covering December 2023 through May 2024, highlights a surge in Android financial malware, including traditional banking trojans and newer cryptostealers aimed at stealing cryptocurrency holdings.

One concerning development is the rise of infostealing malware posing as popular generative AI tools. Malware like Rilide Stealer has been using names like OpenAI’s Sora and Google’s Gemini to deceive victims. Another campaign disguised the Vidar infostealer as a fake Windows desktop app for the AI image generator Midjourney. ESET warns that this tactic of leveraging the AI theme is likely to continue, with infostealing malware now impersonating generative AI tools.

The report also sheds light on the GoldPickaxe mobile malware, capable of stealing facial recognition data to create deepfake videos for fraudulent financial transactions. This malware has been targeting victims in Southeast Asia through localized malicious apps, with an Android version called GoldDiggerPlus spreading to Latin America and South Africa.

Furthermore, gamers using cracked video games and cheating tools for online multiplayer games are at risk of distributing info stealers like Lumma Stealer and RedLine Stealer. The latter saw a significant increase in detections in the first half of 2024, surpassing the previous six months by a third.

Despite the disruption of the LockBit ransomware gang by law enforcement in February 2024, ESET’s telemetry indicates that two recent LockBit campaigns were carried out by separate groups using the leaked LockBit builder. The report also highlights the ongoing investigation of the Ebury group, a sophisticated server-side malware campaign targeting Linux, FreeBSD, and OpenBSD servers, with over 100,000 servers still compromised by Ebury malware as of late 2023.