Stratos Ally

The Latest Trick by Hackers: Using AI Voice Generator App for Gipy Malware Release


StratosAlly


Hackers Spread Malware via AI Voice

In a surprising turn of events, cybercriminals have weaponized the allure of AI technology to propagate a new strain of malware dubbed “Gipy.” This campaign, discovered by researchers at Kaspersky, is targeting users in Germany, Russia, Spain, and Taiwan. It promises an AI voice-changing application but delivers much more sinister consequences.

Gipy emerged in February 2023, and its extremely sophisticated delivery mechanism has already provoked severe reactions among cybersecurity specialists. Here’s how it works: users are lured by the promise of a cutting-edge AI tool that can alter their voice. Intrigued, they download and install the application, which at first performs as advertised and appears harmless. However, behind the scenes, Gipy malware silently infiltrates their systems.

Once activated, Gipy does not stop at just stealing data. It opens the door to a host of malicious activities, including cryptocurrency mining and the installation of additional malware. The malware’s deployment is particularly clever, using GitHub to download password-protected malicious payloads.

In their investigation, Kaspersky experts analyzed over 200 of these malicious archives hosted on GitHub. They found that many contained the notorious Lumma password stealer. Others harbored various forms of malware, such as Apocalypse ClipBanker, a modified Corona cryptominer, and multiple Remote Access Trojans (RATs) like DCRat and RADXRat. Additionally, they identified password stealers like RedLine and RisePro, and even a Golang-based stealer named Loli and a Golang-based backdoor known as TrueClient.
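One way a defender could triage downloads for the delivery pattern described above (password-protected archives fetched from GitHub), as an added example that is not code from Kaspersky's research or from this article. It assumes the archives are ZIP files, which the article does not state; the URLs, file names and sample data are constructed.

```python
import io
import zipfile
from urllib.parse import urlparse

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted

def is_github_host(url):
    host = (urlparse(url).hostname or "").lower()
    return host == "github.com" or host.endswith(".githubusercontent.com")

def encrypted_members(data):
    """Names of encrypted entries; [] if data is not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []

def triage(downloads):
    """Return (url, entries) for GitHub downloads a content scanner cannot open."""
    hits = []
    for url, data in downloads:
        names = encrypted_members(data)
        if is_github_host(url) and names:
            hits.append((url, names))
    return hits

def constructed_zip(encrypted):
    """Build a one-entry test ZIP; optionally set the 'encrypted' flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        off = raw.find(b"PK\x01\x02") + 8  # flags field, central directory header
        raw[off] |= ENCRYPTED
    return bytes(raw)

# Constructed (url, body) pairs standing in for proxy or EDR download records.
SAMPLE = [
    ("https://github.com/example-user/example-repo/raw/main/update.zip", constructed_zip(True)),
    ("https://github.com/example-user/example-repo/raw/main/docs.zip", constructed_zip(False)),
    ("https://downloads.example.com/tool.zip", constructed_zip(True)),
    ("https://github.com/example-user/example-repo/raw/main/readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for url, names in triage(SAMPLE):
        print("review:", url, names)
```

A hit is a prompt for review rather than a verdict, since legitimate projects also ship encrypted archives; the value is in surfacing files that gateway scanning could not inspect.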

Imagine downloading an AI app to prank your friends with a different voice, only to find that your computer is now under siege, leaking personal information, and working overtime to mine cryptocurrency. This example underscores the importance of downloading software only from trusted sources and remaining vigilant about cybersecurity.

The Gipy campaign shows both the sophistication of the malware and the perpetual nature of the threat, and with it the need for robust cybersecurity measures. As cybercriminals’ tactics evolve with the help of new technology, the threats evolve too, so users need to be more informed and careful than ever.
