According to a report from Kaspersky Lab, a new malicious campaign named Gipy has been uncovered, targeting users in Germany, Spain, and Taiwan. The fraudsters use phishing to lure victims with a supposedly legitimate application that changes the user's voice using artificial intelligence.
The Gipy malware was first detected at the beginning of 2023 and immediately drew attention from cybersecurity experts. Upon installation, the application does provide the advertised voice-changing functionality, but it also secretly downloads malicious software in the background. This allows cybercriminals to steal data, mine cryptocurrency, and install additional harmful programs on the victim’s system.
During their investigation, experts discovered that Gipy also loads a smaller archive containing malicious software, hosted on GitHub. More than 200 of these archives were analyzed, and most of them contained the notorious Lumma stealer. Additionally, RAT trojans such as DCRat and RADXRat, a modified Corona cryptominer, and other malware such as Apocalypse ClipBanker were identified. The researchers also found the Golang-written RedLine and RisePro stealers, the Loli stealer, and the TrueClient backdoor among the malicious payloads.
Users are advised to stay vigilant when downloading and installing new applications, particularly those promising unique features based on artificial intelligence. Cybercriminals are taking advantage of the growing popularity of AI tools to carry out their attacks, so it is crucial for users to be wary of such threats and protect their devices accordingly.