Saturday, July 27, 2024

Gipy Malware Steals Passwords Disguised as an AI Application

AI Voice Generator Malware Alert! Cybercriminals are disguising malware as trendy AI tools to steal passwords and data. Learn how to stay safe.

Kaspersky has discovered a new ongoing malware campaign that exploits the growing popularity of AI tools by disguising itself as an AI voice generator. The malware uses GitHub to store password-protected archives as the final payload. This payload contains password and data stealers, enabling cybercriminals to steal various data types, mine cryptocurrency, and download additional malicious software.

The Gipy malware has been active since mid-2023 and distinguishes itself by using AI tools as bait to spread malware. In a recent campaign observed by Kaspersky, the initial infection occurs when a user downloads a malicious file from a phishing website that imitates an AI voice-changing application. These websites are well-crafted and appear identical to legitimate ones. Links to malicious files are frequently placed on compromised third-party websites running WordPress.

Gipy splash screens

After the user clicks the “Install” button, the installer for a legitimate application starts, but in the background, a script executes malicious activities. While executing, Gipy downloads and launches third-party malware from GitHub packaged in password-protected ZIP archives. Kaspersky experts have analyzed over 200 of these archives. Most of the ones on GitHub contain the infamous Lumma password stealer. However, the experts also found Apocalypse ClipBanker, a modified Corona cryptominer, and several RATs, including DCRat and RADXRat. Additionally, they discovered password stealers like RedLine and RisePro, a Golang-based stealer called Loli, and a Golang-based backdoor named TrueClient.

The cybercriminals behind Gipy do not show a particular geographical preference; they target users worldwide. Russia, Taiwan, the US, Spain, and Germany are the top five affected countries.

“Cybercriminals are leveraging the surge in AI interest to spread malware and conduct phishing attacks. AI has been used as bait for over a year now, and we do not expect this trend to decrease,” comments Oleg Kupreev, a Security Expert at Kaspersky.

To stay protected and safely explore new technologies, Kaspersky experts also recommend:

  • Be cautious when downloading software from the internet, especially from a third-party website. Always try to download software from the official website of the company or service that you are using.
  • Verify that the website you are downloading software from is legitimate. Look for the padlock icon in the address bar, and make sure that the website’s URL starts with “https://” to ensure that it is secure.
  • Use strong, unique passwords for each account and enable two-factor authentication whenever possible. This can help protect your accounts from being compromised by attackers.
  • Be wary of suspicious links or emails from unknown sources. Scammers often use social engineering techniques to trick users into clicking on links or downloading malicious software.
  • Use a reliable security solution and keep it up-to-date. Kaspersky Premium is updated with the latest intelligence and can help detect and remove any malware on your computer.
