Over the past six months, Android financial threats have surged, targeting mobile banking funds through traditional malware and cryptostealers, as reported by ESET.

Infostealing malware like Vidar now impersonates generative AI tools, and new mobile malware GoldPickaxe steals facial recognition data for deepfake video authentication in fraudulent financial transactions. Infostealers, including RedLine Stealer, have also infiltrated video games and cheating tools, spiking in detection in H1 2024.

GoldPickaxe targets Southeast Asia and has an Android variant called GoldDiggerPlus found in Latin America and South Africa, according to Jiří Kropáč, Director of ESET Threat Detection.

Rilide Stealer misuses generative AI assistant names to lure victims. Vidar infostealer disguises as a Windows app for AI image generator Midjourney. ESET Research notes the increasing abuse of AI themes by cybercriminals, a trend expected to persist.

Infostealers attack gamers using cracked games and cheating tools, with Lumma Stealer and RedLine Stealer detections rising, notably in Spain, Japan, and Germany.

The Balada Injector gang exploited WordPress plug-in vulnerabilities, compromising over 20,000 websites and hitting over 400,000 in ESET telemetry in H1 2024.

LockBit ransomware was disrupted by Operation Chronos in February 2024, though ESET still recorded two major LockBit campaigns in H1 2024 by non-LockBit gangs using leaked tools.