Security News > 2023 > December > ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware’s Prevalence
Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK spyware.
In the second half of 2023, ESET has blocked 650,000 attempts to access malicious domains whose names include "Chatgpt" or similar string in an apparent reference to the ChatGPT chatbot.
One of the frauds resides in the OpenAI API for ChatGPT. The API needs a private API key that must be carefully protected and never exposed by users, yet some apps ask users to provide their API keys so the applications can use ChatGPT. As written by ESET researchers, "If the app sends your key to the developer's server, there may be little to no guarantee that your key will not be leaked or misused, even if the call to the OpenAI API is also made."
The Lumma Stealer malware shares a common code base with the infamous Mars, Arkei, and Vidar information stealers and is very likely to be developed by the same author, according to cybersecurity company Sekoia.
Various distribution vectors are used for spreading Lumma Stealer; ESET observed these methods in the wild: cracked installations of software, YouTube, fake browser update campaigns, content delivery network of Discord and installation via third-party malware loader Win/TrojanDownloader.
A mobile marketing software development kit identified as the SpinOk spyware by ESET climbed to being the seventh most detected Android threat for H2 2023 and the most prevalent type of spyware for the period.
News URL
https://www.techrepublic.com/article/eset-threat-report-h2-2023/
Related news
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)