The threat landscape in the second half of 2023 is dominated by AI and Android spyware


The threat landscape was very busy in the second half of 2023, according to cybersecurity vendor ESET.

In its Threat Report: H2 2023, the firm recorded numerous significant cybersecurity incidents between June and November 2023, a period dominated by AI-related malicious activities and the emergence of new Android spyware.

According to the report, a new economy emerged around OpenAI API keys and the ChatGPT name during this period, attracting legitimate participants and cybercriminals alike.

ESET telemetry in the second half of 2023 blocked more than 650,000 attempts to access malicious domains whose names include the string “chapgpt” or similar text in an apparent reference to the chatbot ChatGPT.

“While most of the blocks occurred in June, the following months saw website visitors encounter a steady stream of malicious domains superficially offering OpenAI services,” the report said.
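The blocks ESET describes come down to matching domain names that imitate the ChatGPT or OpenAI brand. The following is an added example, not code from ESET or from the report: a small Python detector that scans DNS or proxy log lines for domains whose labels contain "chatgpt" or "openai", or a misspelling within one edit of them (such as "chapgpt"), while skipping the registrable domains on an allowlist. The log format, the allowlist contents and the sample log lines are all constructed for this example.

```python
"""Flag DNS/proxy log entries whose domain imitates the ChatGPT or OpenAI brand.

Added example. The log format (timestamp, client IP, queried domain), the
allowlist and the sample lines below are constructed, not ESET telemetry.
"""
import re
from typing import List, Optional, Tuple

BRANDS = ("chatgpt", "openai")
# Registrable domains treated as legitimate (assumption for this example).
ALLOWLIST = {"openai.com", "chatgpt.com"}

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<domain>\S+)$")

# Constructed sample: one legitimate lookup, three look-alikes, one unrelated host.
SAMPLE_LOG = """\
2023-09-14T10:02:11Z 10.0.0.5 chat.openai.com
2023-09-14T10:02:40Z 10.0.0.7 chapgpt-free-login.example
2023-09-14T10:03:02Z 10.0.0.9 openai-apikeys.example
2023-09-14T10:03:55Z 10.0.0.5 chat-gpt4-unlimited.example
2023-09-14T10:04:10Z 10.0.0.6 updates.example
"""


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) via a rolling DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Crude eTLD+1 (last two labels). A real deployment should use the
    public suffix list; this simplification is an assumption of the example."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def brand_match(domain: str, max_distance: int = 1) -> Optional[str]:
    """Return the brand a domain imitates, or None.

    Each label (except the TLD) is checked for an exact substring match, then
    for any window of length n-1..n+1 within `max_distance` edits of the brand,
    so "chapgpt" and "chat-gpt" both match "chatgpt".
    """
    labels = domain.lower().rstrip(".").split(".")
    for label in labels[:-1]:
        for brand in BRANDS:
            if brand in label:
                return brand
            n = len(brand)
            for width in (n - 1, n, n + 1):
                for k in range(0, len(label) - width + 1):
                    if levenshtein(label[k:k + width], brand) <= max_distance:
                        return brand
    return None


def scan(lines) -> List[Tuple[str, str]]:
    """Return (domain, imitated_brand) for every non-allowlisted look-alike."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        domain = m.group("domain").lower().rstrip(".")
        if registrable(domain) in ALLOWLIST:
            continue
        brand = brand_match(domain)
        if brand:
            hits.append((domain, brand))
    return hits


if __name__ == "__main__":
    for domain, brand in scan(SAMPLE_LOG.splitlines()):
        print(f"look-alike of {brand}: {domain}")
```

Tune `max_distance` with care: at distance 2 short brand names start matching ordinary words, so in practice the allowlist and a public-suffix-aware `registrable()` matter as much as the fuzzy match itself.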


Spyware increase driven by the SpinOk SDK

ESET Telemetry reported a significant increase in Android spyware detections, increasing by 89% in the second half of 2023 compared to the previous period.

This is because a significant number of legitimate Android apps started behaving like spyware in H2. According to ESET researchers, the cause is a third-party software development kit (SDK) that the company detects as SpinOk Spyware.

“Surprisingly, this SDK has been integrated into many legitimate Android apps, many of which are available on official app markets. As a result, SpinOk Spyware climbed to seventh place in the Top 10 Android Detections for H2 2023, becoming the most prevalent type of spyware for the period – almost a third of all spyware detections observed by ESET telemetry were made of SpinOk,” the researchers wrote.

Lukáš Štefanko, Senior Malware Researcher at ESET, commented: “The SpinOk case reminds app developers of the need to be careful when deciding to incorporate third-party technology into their apps. It’s common for developers to be approached by third-party technology providers, but it’s crucial to evaluate these technologies thoroughly to ensure they are secure and suitable for their applications.

“Ensuring the security of an SDK involves a series of steps, starting with a thorough investigation into the reliability of the vendor. This involves understanding the functionality of the SDK, reviewing its documentation, and, if possible, examining the source code for possible anomalies,” he added.

Štefanko also provided specific recommendations to prevent this type of threat. These include:

  • Conduct a test in a secure environment before integrating an SDK into applications to evaluate its behavior and performance
  • Use static analysis tools to uncover unwanted behaviors and potential vulnerabilities
  • Keep an eye on network traffic to spot any unexpected data transfers
  • Analyze your own applications after a test integration with the third-party SDK under consideration
  • Check if the SDK or its provider has security certifications or audits
  • Get feedback from forums or developer groups on said SDK
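The "keep an eye on network traffic" step above is the one most easily turned into a repeatable check. The following is an added example, not code from ESET or Štefanko: a Python script that reviews a connection log captured while an app runs in a test environment with a candidate SDK integrated, and flags destinations not on the app's documented endpoint list, raw IP-literal destinations, and hosts that receive more outbound bytes than a threshold. The log format, the expected hosts, the threshold and the sample records are constructed for this example.

```python
"""Review a sandbox network capture for unexpected data transfers after an SDK test integration.

Added example. The CSV-style log format, EXPECTED_HOSTS, the byte threshold and
the sample records are constructed assumptions, not output of any real tool.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List

# Hosts the app is documented to contact (hypothetical names).
EXPECTED_HOSTS = {
    "api.myapp.example",
    "cdn.myapp.example",
    "sdk-telemetry.vendor.example",  # endpoint the SDK vendor documents
}
# Outbound bytes per host above which a short test run deserves a closer look (assumed).
BYTES_OUT_THRESHOLD = 50_000

# Constructed capture: ts,process,dest_host,dest_port,bytes_out
SAMPLE_CONNECTIONS = """\
# ts,process,dest_host,dest_port,bytes_out
2023-11-02T09:00:01Z,com.myapp,api.myapp.example,443,1820
2023-11-02T09:00:03Z,com.myapp,sdk-telemetry.vendor.example,443,4200
2023-11-02T09:00:09Z,com.myapp,sdk-telemetry.vendor.example,443,61000
2023-11-02T09:00:15Z,com.myapp,collect.unknown-party.example,443,9800
2023-11-02T09:00:20Z,com.myapp,198.51.100.23,8080,300
2023-11-02T09:00:25Z,com.myapp,cdn.myapp.example,443,120
"""


def parse_connections(lines) -> List[Dict]:
    """Parse the constructed log format, skipping blank and comment lines."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proc, host, port, nbytes = line.split(",")
        records.append({"ts": ts, "process": proc, "host": host.lower(),
                        "port": int(port), "bytes_out": int(nbytes)})
    return records


def is_ip_literal(host: str) -> bool:
    """True when the destination is an IP address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review(records, expected_hosts=EXPECTED_HOSTS, threshold=BYTES_OUT_THRESHOLD) -> Dict:
    """Summarise egress and return findings worth raising before shipping the SDK."""
    totals = defaultdict(int)
    findings = {"unexpected_hosts": set(), "ip_literal_hosts": set(),
                "high_volume_hosts": {}, "bytes_out_by_host": {}}
    for r in records:
        totals[r["host"]] += r["bytes_out"]
        if r["host"] not in expected_hosts:
            findings["unexpected_hosts"].add(r["host"])
        if is_ip_literal(r["host"]):
            findings["ip_literal_hosts"].add(r["host"])
    # Even a documented endpoint is suspect when it receives far more than a
    # telemetry ping during a short test run.
    for host, total in totals.items():
        if total > threshold:
            findings["high_volume_hosts"][host] = total
    findings["bytes_out_by_host"] = dict(totals)
    return findings


if __name__ == "__main__":
    result = review(parse_connections(SAMPLE_CONNECTIONS.splitlines()))
    for key in ("unexpected_hosts", "ip_literal_hosts", "high_volume_hosts"):
        print(f"{key}: {result[key]}")
```

Run it against the capture from the sandbox step with the SDK integrated, then again with the SDK removed; the difference between the two reports is the SDK's own network footprint, which is what the recommendation to compare your application before and after the test integration is getting at.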

The MOVEit ripple effect is still felt

The MOVEit supply chain attack had a significant ripple effect throughout the second half of the year. According to cybersecurity vendor Emsisoft, the hack affected nearly 2,700 organizations at the time of writing.

This is one of the most significant events of the second half of the year, ESET observed.

Jakub Souček, another senior malware researcher at ESET, said the MOVEit hack was one of the biggest stories in 2023.

“It was not just the scale of the campaign that made it so significant,” he commented, “but also the technical skill of the Clop gang who were behind the attack. These threat actors demonstrated that they could discover a new zero-day vulnerability, weaponize it, and wait for the opportune moment to deploy it.

“In 2024, we expect many of the trends described to continue, with today’s major players focusing on expanding their affiliate programs. By employing other cybercriminals in their schemes, big families will limit the space for new competitors to emerge,” he added.

No rise in cryptocurrency threats

Other highlights observed by ESET included Magecart e-commerce cyberattacks, botnets such as the Internet of Things (IoT)-specific Mozi and Pandora, which targets Android TV boxes, and a rapidly emerging cryptostealer called Lumma Stealer.

Finally, ESET noted that the growing value of Bitcoin has not been accompanied by a corresponding increase in cryptocurrency threats, a departure from past trends.
