SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
ESET report exposes rise of AI attacks & Android spyware
Thu, 21st Dec 2023

The latest ESET Threat Report unveils key cybersecurity trends and incidents for the period June to November 2023, highlighting an environment riddled with significant security incidents, AI-themed attacks and Android spyware cases.

The report draws attention to several major cyber threats, including a surprising attack from the infamous cybercriminal group, Cl0p. Renowned for its large-scale ransomware attacks, the group deviated from its typical modus operandi in the prominent MOVEit hack, opting not to deploy ransomware. ESET Director of Threat Detection, Jiří Kropáč, noted, "A key shift in Cl0p's strategy was its move to leak stolen information to public websites in cases where the ransom was not paid", a trend also seen with the ALPHV ransomware gang.

Another area of concern highlighted in the report is the escalating number of spyware cases affecting Android technology, with the SpinOk threat lifting the tally for this period. The report states that SpinOk spyware is distributed as a software development kit and is found within various legitimate Android applications.

In the realm of AI, ESET identified dedicated campaigns targeting users of AI tools such as ChatGPT and the OpenAI API. Also within the AI context, ESET researchers noted a sizeable number of attempts to access malicious domains with names resembling ChatGPT, suggesting potential threats to the privacy of OpenAI API users.

"Amidst the prevalent discussion regarding AI-enabled attacks, we have identified specific campaigns targeting users of tools like ChatGPT," said ESET's Jiří Kropáč.

"We also noticed a considerable number of attempts to access malicious domains with names resembling “chapgpt”, seemingly in reference to the ChatGPT chatbot. 

"Threats encountered via these domains also include web apps that insecurely handle OpenAI API keys, emphasising the importance of protecting the privacy of your OpenAI API keys."

The Threat Report also focused on the IoT landscape, signalling a new threat against IoT devices labelled Android/Pandora. This malware compromises Android devices including smart TVs, TV boxes, and mobile devices, and leverages them for DDoS attacks. On a brighter note, researchers at ESET have found a kill switch that was used to successfully neutralise the Mozi IoT botnet.

While ESET observed an elevated value of Bitcoin, they reported an uncharacteristic absence of a corresponding increase in cryptocurrency threats. Conversely, cryptostealers saw an uptick due to the emergence of the malware-as-a-service infostealer known as Lumma Stealer, focused on cryptocurrency wallets.

The ESET Threat Report provides a critical view of the current digital threat landscape, covering everything from malware campaigns to changes in cybercriminal tactics. Such a snapshot can offer valuable insights for individuals and organisations eager to navigate an increasingly intricate web of digital threats and work towards secure and safe technological use.