- Kaspersky is tracking malware that uses AI software as a tool to get user to download a payload.
- The firm notes that while a legitimate application is installed, a script also downloads malware from a GitHub archive.
- This malware includes password stealers, remote access trojans and more.
The popularity of artificial intelligence means that it’s a fruitful lure for cybercriminals. While the use of AI for nefarious activities is a major barrier, cybercriminals are simply packaging malware with AI tools.
Since mid-2023, Kaspersky has been tracking Gipy malware which is sets itself apart by using AI tools as bait to get folks to download it.
“In a recent campaign observed by Kaspersky, the initial infection occurs when a user downloads a malicious file from a phishing website that imitates an AI application used to change voices. These websites are well-crafted and appear identical to legitimate ones. Links to the malicious files are frequently placed on compromised third-party websites running WordPress,” the cybersecurity firm explains.
Once a user downloads the AI tool disguising the malware, a legitimate application is installed but a malicious script runs in tandem. The script downloads third-party malware from GitHub including password stealers, remote access trojans, ClipBanker, Apocalypse and others. Kaspersky says it has analysed roughly 200 of these archives.
“AI tools bring remarkable benefits and revolutionise our daily lives, but users must stay vigilant. Cybercriminals are leveraging the surge in AI interest to spread malware and conduct phishing attacks. AI is being used as bait for over a year now and we do not expect this trend to abate,” comments Oleg Kupreev, security expert at Kaspersky.
The cybercriminals behind Gipy don’t have a geographic preference but the countries that have seen the most detections of the attack are Russia, Taiwan, the US, Spain, and Germany.
While it may be tempting to download AI software to play around with the tech, you are taking a bit of a risk as Gipy illustrates.
To that end, Kaspersky offers the following advice before downloading any software from the web:
- Be cautious when downloading software from the Internet, especially if it’s from a third-party website. Always try to download software from the official website of the company or service that you are using.
- Verify that the website you are downloading software from is legitimate. Look for the padlock icon in the address bar and make sure that the website’s URL starts with https:// to ensure that the website is secure.
- Use strong, unique passwords for each of your accounts and enable two-factor authentication whenever possible. This can help protect your accounts from being compromised by attackers.
- Be wary of suspicious links or emails from unknown sources. Scammers often use social engineering techniques to trick users into clicking on links or downloading malicious software.
- Use a reliable security solution and keep it up-to-date.
