June 2024

The ESET Threat Report H1 2024 summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from December 2023 through May 2024. These past six months painted a dynamic landscape of Android Financial threats – malware going after victims’ mobile banking funds – be it in the form of “traditional” banking malware or, more recently, cryptostealers.

Keeping up with the times, infostealing malware can now be found impersonating generative AI tools as well. In H1 2024, Rilide Stealer was spotted misusing the names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to entice potential victims. In another malicious campaign, the Vidar infostealer was lurking behind a supposed Windows desktop app for AI image generator Midjourney – even though Midjourney’s AI model is only accessible via Discord. Since 2023, we have been increasingly seeing cybercriminals abusing the AI theme – a trend that is expected to continue.

A curious newcomer on this scene is GoldPickaxe, new mobile malware capable of stealing facial recognition data to create deepfake videos used by the malware’s operators to authenticate fraudulent financial transactions. Balada Injector, a gang notorious for exploiting WordPress plugin vulnerabilities, continued to run rampant in the first half of 2024, compromising over 20,000 websites and racking up over 400,000 hits in ESET telemetry for the variants used in the gang’s recent campaign.

There's much more to be explored in this Threat Report H1 2024. We encourage you to download it and dive deep into all the details!