Information Stealing Malware Distributed as AT tools & Chrome Extensions

The first half of 2024 has seen a significant rise in information-stealing malware disguised as AI tools and Chrome extensions.

This trend highlights cyber criminals’ increasing sophistication and adaptability as they exploit emerging technologies and popular platforms to target unsuspecting victims.


Rise of AI-Themed Infostealers

According to the ESET threat report, artificial intelligence’s allure has captivated not only the tech industry but also cybercriminals.

In H1 2024, the Rilide Stealer emerged as a notable threat, masquerading as generative AI assistants like OpenAI’s Sora and Google’s Gemini.

These malicious campaigns leveraged the growing interest in AI to trick users into downloading malware-laden applications.

Similarly, the Vidar info stealer hid behind a supposed Windows desktop app for the AI image generator Midjourney, even though Midjourney’s AI model is only accessible via Discord.

This trend of exploiting AI themes is expected to continue as cybercriminals recognize the potential for high returns by capitalizing on the public’s fascination with AI.

The deceptive use of AI branding increases the likelihood of successful infections and complicates detection and mitigation efforts.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Gaming Community Under Siege

The gaming community, particularly those outside official gaming ecosystems, has also become a prime target for infostealer malware.

Cracked video games and cheating tools used in online multiplayer games have been found to contain malicious software such as Lumma Stealer and RedLine Stealer.

These threats compromise gamers’ personal information, including login credentials and financial data.

RedLine Stealer, in particular, has seen several detection spikes in H1 2024, with significant campaigns in Spain, Japan, and Germany.

Despite suffering a disruption in 2023, RedLine Stealer detections in the first half of 2024 surpassed those from the second half of 2023 by a third.

This resurgence underscores the persistent threat posed by infostealer malware within the gaming community.


A curious newcomer in the realm of mobile malware is GoldPickaxe, which has been targeting Southeast Asian victims through localized malicious apps.

This sophisticated malware is capable of stealing facial recognition data to create deep fake videos, which the malware’s operators then use to authenticate fraudulent financial transactions.

GoldPickaxe has both Android and iOS versions, making it a versatile threat.

ESET researchers have also uncovered an older Android sibling of GoldPickaxe, known as GoldDiggerPlus.

This malware has extended its reach to Latin America and South Africa, actively targeting victims in these regions.

The discovery of GoldPickaxe and GoldDiggerPlus highlights the evolving tactics of cybercriminals as they seek to exploit biometric data for financial gain.

The first half of 2024 has painted a dynamic and concerning picture of the cybersecurity landscape.

From AI-themed info stealers to sophisticated mobile malware like GoldPickaxe, cybercriminals are continually adapting their tactics to exploit emerging technologies and popular platforms.

The gaming community and mobile users, in particular, have been heavily targeted, underscoring the need for heightened vigilance and robust cybersecurity measures.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.