A new ongoing malware campaign that exploits the growing popularity of AI tools by disguising itself as an AI voice generator has been discovered by Kaspersky. The malware uses GitHub to store password-protected archives as the final payload.

This payload contains password and data stealers enabling cybercriminals to steal various types of data, mine cryptocurrency, and download additional malicious software.

The Gipy malware has been active since mid-2023 and distinguishes itself by choosing AI tools as bait to spread malware. In a recent campaign observed by Kaspersky, the initial infection occurs when a user downloads a malicious file from a phishing website that imitates an AI application used to change voices. These websites are well-crafted and appear identical to legitimate ones. Links to the malicious files are frequently placed on compromised third-party websites running WordPress.

After the user clicks the “Install” button, the installer for a legitimate application starts, but a script carries out malicious activity in the background. During its execution, Gipy downloads third-party malware from GitHub, packaged in password-protected ZIP archives, and launches it.

Kaspersky experts have analysed over 200 of these archives. Most of the ones on GitHub contain the infamous Lumma password stealer. However, the experts also found Apocalypse ClipBanker, a modified Corona cryptominer, and several RATs, including DCRat and RADXRat. Additionally, they discovered password stealers like RedLine and RisePro, a Golang-based stealer called Loli, and a Golang-based backdoor named TrueClient.
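A defender-side triage check for the delivery format described above, added here as an illustration and not taken from Kaspersky's analysis: the ZIP format marks each encrypted entry with bit 0 of its general-purpose flag, and with standard ZIP encryption the entry names and sizes stay readable in the central directory, so a downloaded archive can be flagged without knowing its password. The function names and the sample archive are constructed assumptions.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted


def triage_zip(data: bytes) -> dict:
    """Summarise a downloaded blob without needing the archive password."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"is_zip": False, "encrypted": [], "plain": []}
    encrypted, plain = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads the central directory only
            bucket = encrypted if info.flag_bits & ENCRYPTED_FLAG else plain
            bucket.append((info.filename, info.file_size))
    return {"is_zip": True, "encrypted": encrypted, "plain": plain}


def needs_review(report: dict) -> bool:
    """True when any entry cannot be inspected without the password."""
    return report["is_zip"] and bool(report["encrypted"])


def constructed_sample(encrypt: bool) -> bytes:
    """Constructed input: a stored ZIP, optionally with the encryption
    bit set in its local and central headers to mimic a protected entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("setup_helper.exe", b"constructed sample bytes")
    raw = bytearray(buf.getvalue())
    if encrypt:
        # Flag field offset: 6 in the local header, 8 in the central header.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(signature) + offset] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("protected", constructed_sample(True)),
                        ("plain", constructed_sample(False)),
                        ("not a zip", b"MZ constructed non-archive")):
        report = triage_zip(blob)
        print(label, "-> review" if needs_review(report) else "-> pass", report)
```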

The cybercriminals behind Gipy do not show a particular geographical preference, targeting users worldwide. The top five affected countries are Russia, Taiwan, the US, Spain, and Germany.

“AI tools bring remarkable benefits and revolutionise our daily lives, but users must stay vigilant,” says Oleg Kupreev, security expert at Kaspersky. “Cybercriminals are leveraging the surge in AI interest to spread malware and conduct phishing attacks. AI has been used as bait for over a year now and we do not expect this trend to abate.”