Gipy is not just a voice changer app, but a powerful tool for hackers.
Kaspersky Lab has identified a new malware campaign called Gipy that targets users in Germany, Spain, and Taiwan. Fraudsters use phishing baits, offering victims a supposedly legitimate application for changing their voice using artificial intelligence.
The Gipy malware first appeared in early 2023 and immediately attracted the attention of experts. Once installed, the app actually starts performing the promised voice-altering functions, but at the same time, malware is secretly downloaded. Gipy allows attackers to steal data, mine cryptocurrency, and install additional malware on the victim's system.
Experts found out that when running Gipy downloads a password-protected archive with malware from GitHub. During the analysis, more than 200 such archives were studied. Most of them contain the famous Lumma Stealer. However, Apocalypse ClipBanker, a modified Corona cryptominer, and several RAT Trojans were discovered, including DCRat and RADXRat. Additionally, RedLine and RisePro stylers written in Golang, the Loli stealth program, and the TrueClient backdoor were identified.
Experts urge users to be vigilant and careful when downloading and installing new applications, especially those that promise unusual features using artificial intelligence. Attackers are actively exploiting the growing popularity of AI tools to conduct their attacks.
Kaspersky Lab has identified a new malware campaign called Gipy that targets users in Germany, Spain, and Taiwan. Fraudsters use phishing baits, offering victims a supposedly legitimate application for changing their voice using artificial intelligence.
The Gipy malware first appeared in early 2023 and immediately attracted the attention of experts. Once installed, the app actually starts performing the promised voice-altering functions, but at the same time, malware is secretly downloaded. Gipy allows attackers to steal data, mine cryptocurrency, and install additional malware on the victim's system.
Experts found out that when running Gipy downloads a password-protected archive with malware from GitHub. During the analysis, more than 200 such archives were studied. Most of them contain the famous Lumma Stealer. However, Apocalypse ClipBanker, a modified Corona cryptominer, and several RAT Trojans were discovered, including DCRat and RADXRat. Additionally, RedLine and RisePro stylers written in Golang, the Loli stealth program, and the TrueClient backdoor were identified.
Experts urge users to be vigilant and careful when downloading and installing new applications, especially those that promise unusual features using artificial intelligence. Attackers are actively exploiting the growing popularity of AI tools to conduct their attacks.
