Gipy, a newly discovered campaign using a strain of infostealer malware, is targeting users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice changing application.

Researchers at Kaspersky said Gipy malware first emerged in early 2023 and, once delivered, allows adversaries to steal data, mine cryptocurrency, and install additional malware on the victim’s system.

Threat actors in this instance are luring victims with the promise of a legitimate AI voice altering application, the researchers explained. Once the user installs it, the application starts to work as promised, meanwhile, Gipy malware is also being delivered in the background, the Kasperky team added.

As Gipy is executed, the researchers noted the malware then launches password-protected malware from GitHub.

During their investigation into the campaign, experts analyzed over 200 of these archives.

“Most of the ones on GitHub contain the infamous Lumma password stealer,” Kaspersky said in an emailed statement. “However, the experts also found Apocalypse ClipBanker, a modified Corona cryptominer, and several RATs, including DCRat and RADXRat. Additionally, they discovered password stealers like RedLine and RisePro, a Golang-based stealer called Loli, and a Golang-based backdoor named TrueClient.”

The researchers urge users to be aware that threat actors are keen to exploit the rising popularity of AI tools with these kinds of malicious exploits.

Source: www.darkreading.com