ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence

Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK spyware.
It is unknown if this app was created as an effort in a ChatGPT API keys phishing campaign or exposed on the internet for another reason.
Use of the API key is billed by OpenAI. So once in possession of someone's private API key, and depending on the user's or company's subscription, an attacker might use it for their own needs without paying; the attacker might also resell it to other cybercriminals.
Figure A. Recommendations related to these ChatGPT security threats.
Users should be educated to detect such threats and avoid browsing suspicious websites related to ChatGPT. They must secure their private ChatGPT API key and never share it.
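As an added example that is not part of the ESET report or the TechRepublic article, the following Python snippet shows the defensive side of the API key recommendation above: a small scanner that flags source or configuration lines which appear to embed an OpenAI-style API key (so a leaked key is caught before it is committed or published), next to the safe pattern of reading the key from the environment. The `sk-` key shape, the sample source text and the function names are assumptions constructed for this example.

```python
"""Added example (not from the ESET report or the TechRepublic article).

scan_text() flags lines that look like they hard-code an API key, reporting only a
redacted preview so the scan output does not itself leak the secret.
load_api_key() shows the recommended alternative: the key comes from the
environment (or a secret manager), never from source code.
"""
import os
import re
from dataclasses import dataclass
from typing import Mapping, Optional

# Assumed key shape: an 'sk-' prefix followed by a long run of letters, digits,
# underscores or dashes. Real key formats vary; this is a heuristic, not a spec.
KEY_PATTERN = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")


@dataclass
class Finding:
    line_no: int
    key_preview: str  # redacted form of the matched key
    line: str         # the offending line, for the reviewer's context


def redact(key: str) -> str:
    """Keep only the prefix and last four characters so the report is safe to share."""
    return key[:6] + "..." + key[-4:]


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per API-key-like token found in the given text."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_PATTERN.finditer(line):
            findings.append(Finding(line_no, redact(match.group(0)), line.strip()))
    return findings


def load_api_key(env: Optional[Mapping[str, str]] = None,
                 env_var: str = "OPENAI_API_KEY") -> str:
    """Safe pattern: read the key from the environment and refuse to run without it."""
    source = os.environ if env is None else env
    key = source.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to run without a key")
    return key


# Constructed sample input: one hard-coded key (bad) and one environment lookup (good).
SAMPLE_SOURCE = """\
import openai
# constructed sample: a hard-coded key that should never be committed
openai.api_key = "sk-EXAMPLEabcdefghijklmnopqrstuvwxyz0123"
client = Client(api_key=os.environ["OPENAI_API_KEY"])  # safe: read from environment
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f.line_no}: possible API key {f.key_preview}: {f.line}")
```

Run the scanner over files in a pre-commit hook or CI step; only the redacted preview should ever reach logs or tickets, and any key that was committed should be treated as exposed and rotated.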
In H2 2023, malicious cryptominers declined by 21% in the cryptocurrency malware threat landscape, according to ESET; however, cryptostealers rose by more than 68% over the same period, the researchers wrote.
This sharp increase was caused by a single specific threat: Lumma Stealer, which is also known as LummaC2 Stealer.
According to ESET, the deployment of Lumma Stealer tripled between H1 and H2 2023.
Multiple tiers are offered for the malware with prices ranging from $250 USD to $20,000 USD. The highest option allows the buyer to get access to the full C source code for the malware.
The buyer is also allowed to resell the malware independently of its developer.
The Lumma Stealer malware shares a common code base with the infamous Mars, Arkei, and Vidar information stealers and is very likely to be developed by the same author, according to cybersecurity company Sekoia.
Various distribution vectors are used to spread Lumma Stealer; ESET observed these methods in the wild: cracked software installations, YouTube, fake browser update campaigns, Discord's content delivery network, and installation via the third-party malware loader Win/TrojanDownloader.
A mobile marketing software development kit identified as the SpinOk spyware by ESET climbed to being the seventh most detected Android threat for H2 2023 and the most prevalent type of spyware for the period.
The SpinOk SDK offered developers a gaming platform intended to monetize application traffic.
Multiple developers incorporated the SDK in their apps, including apps already available on official Android marketplaces.
Once running, the application starts to act as spyware and connects to a command & control server before starting to extract data from the Android device, including potentially sensitive clipboard content, according to ESET. The malicious code has features to try to stay undetected.
The SDK has been incorporated into various legitimate Android applications.
101 Android apps have used the malicious SDK, with more than 421 million cumulative downloads, as reported in May 2023 by cybersecurity company Doctor Web, which contacted Google; Google then removed all those applications from the Google Play Store.
The company responsible for SpinOk contacted Doctor Web and updated its module to version 2.4.2, which removed all the spyware features.
A company called Roaster Earn explained how they ended up installing the SDK in their own application.


This Cyber News was published on www.techrepublic.com. Publication date: Fri, 22 Dec 2023 23:13:05 +0000