Increase in Lumma Stealer Malware and Android SpinOk SDK Spyware, Along with ChatGPT Name Abuses

Here are some key points from the H2 2023 threat report released by ESET, a cybersecurity company:

1. Abuse of the ChatGPT name: ESET has blocked 650,000 attempts to access malicious domains with names referencing the ChatGPT chatbot. Some apps ask users to provide their private API keys for ChatGPT, which can lead to the keys being exposed and misused. Users should be educated on how to detect and avoid browsing suspicious ChatGPT-related websites, as well as secure their private API keys and never share them.

2. Rise of the Lumma Stealer malware: In H2 2023, there was a decline in malicious cryptominers but an increase in cryptostealers, primarily due to Lumma Stealer. This malware targets cryptocurrency wallets, user credentials, and two-factor authentication browser extensions. Lumma Stealer deployment tripled between H1 and H2 2023, and multiple tiers are offered for the malware with varying prices. It shares a code base with other information stealers and is likely developed by the same author. Various distribution vectors are used, including cracked software installations, fake browser update campaigns, and Discord’s content delivery network.

3. Android SpinOk SDK spyware: The SpinOk SDK, initially marketed as a gaming platform to monetize app traffic, was found to act as spyware. It connects to a command and control server to gather data from Android devices, including potentially sensitive clipboard content. It attempts to stay undetected by using device sensors to check if it’s running in a virtual or lab environment. The SDK was incorporated into numerous legitimate Android apps, leading to over 421 million downloads. Google removed the apps once the malicious features were discovered. It highlights the risk of incorporating third-party code and the need for analysis, static analysis tools, and monitoring network traffic.

These risk mitigation tips aim to address the mentioned cybersecurity threats, ensuring user education, secure API key handling, software analysis, and monitoring network traffic for suspicious activity.

Unlock your business potential with our expert guidance. Get in touch now!