Threat actors lure victims by advertising a legitimate-sounding AI voice-altering application, after users install the app, it functions as expected, but Gipy malware is silently installed in the background
A new malware campaign, dubbed Gipy, is targeting users in Germany, Russia, Spain, and Taiwan with phishing scams that promise an AI voice-changing application. According to researchers at Kaspersky, Gipy malware first appeared in early 2023. Once downloaded, it enables attackers to steal data, mine cryptocurrency, and install additional malware on the victim’s system.
Threat actors lure victims by advertising a legitimate-sounding AI voice-altering application. After users install the app, it functions as expected, but Gipy malware is silently installed in the background. Researchers noted that the malware also launches password-protected malware from GitHub.
During their investigation, experts analyzed over 200 of these malware archives. “Most of the ones on GitHub contain the infamous Lumma password stealer,” Kaspersky said in an emailed statement. “However, the experts also found Apocalypse ClipBanker, a modified Corona cryptominer, and several RATs, including DCRat and RADXRat. Additionally, they discovered password stealers like RedLine and RisePro, a Golang-based stealer called Loli, and a Golang-based backdoor named TrueClient.”
The researchers caution users to be aware of the increasing use of AI tools in these types of malicious exploits.
