Priego Brito & Guzmán Juárez Attorneys at Law

Gipy can steal user passwords.

Kaspersky discovered a new malware campaign called Gipy that exploits the popularity of artificial intelligence (AI) tools to steal passwords. According to the cybersecurity firm, this malware masquerades as a voice modifier.

How does Gipy malware disguise itself to steal user passwords?

The malware uses GitHub, a popular platform for programmers, to store the password-protected files that serve as its payload.

The Gipy malware has been active since mid-2023 and distinguishes itself by choosing AI tools as bait to spread malicious files.

The infection occurs when the user downloads a malicious file from a phishing website that mimics an AI application used to change voices.

After the user clicks the “Install” button, the installer of a legitimate application starts; however, a script executes malicious activities in the background.

During its execution, Gipy downloads and launches third-party malware from GitHub packaged in password-protected ZIP archives.

Important points to consider:

  • These websites are well developed and appear to be identical to the legitimate ones.
  • Links to the malicious files are frequently placed on compromised third-party pages that use WordPress.

No geographic preference for Gipy malware

The cybercriminals behind Gipy show no particular geographic preference, targeting users from all over the world.

The five most affected countries are:

  • Russia
  • Taiwan
  • United States
  • Spain
  • Germany

Expert recommendations to avoid falling for this type of scam

To stay protected and explore new technologies safely, Kaspersky experts recommend:

  • Use caution when downloading software from the Internet, especially if it comes from a third-party website. Always download software from the official website of the company or service you are using.
  • Verify that the website from which you are downloading software is legitimate. Look for the padlock icon in the address bar and make sure the URL begins with https:// to ensure the site is secure.
  • Use strong, unique passwords for each of your accounts and enable two-factor authentication whenever possible. This can help protect your accounts from being compromised by attackers.
  • Be wary of suspicious links or emails from unknown sources. Scammers often use social engineering techniques to trick users into clicking on links or downloading malicious software.
  • Use a reliable security solution, such as Kaspersky Premium, and keep it updated.

https://www.unotv.com/ciencia-y-tecnologia/alerta-por-gipy-malware-se-disfraza-de-app-de-inteligencia-artificial-para-robar-contrasenas/
