Habdul Hazeez

Security news weekly round-up - 14th February 2025

The effects of a malware infection can be catastrophic beyond imagination. If you think that is an exaggeration, ask the companies that have been hit by ransomware (a form of malware), or the individuals whose PII was stolen only to appear for sale on the dark web. That is why you need to know what's out there, so you can be the first line of defense for your company or your family.

Additionally, artificial intelligence arguably became a household name in the latter part of 2022. Fast forward to early 2025, and we have come to realize the threat it poses despite its incredible usefulness. In this edition, the articles we review are about malware and artificial intelligence, helping you stay informed and ultimately safe while you use the internet.


Kaspersky researchers find screenshot-reading malware on the App Store and Google Play

Here is what I want you to take away from this article: don't keep screenshots of your crypto wallet recovery phrases on your phone or in an online account. You have been warned.

Here is why:

The malware in question uses optical character recognition (OCR) to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on Kaspersky's assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says "This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace."

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

To be candid, I don't know what type of assessment to give this article. But I'll conclude that scammers are out there to get your credit card details. What's more, this is another abuse of a legitimate service.

From the article:

As of writing, as many as three sites have been found to be infected with the GTM identifier (GTM-MLHK2N68) in question, down from six reported by Sucuri. GTM identifier refers to a container that includes the various tracking codes (e.g., Google Analytics, Facebook Pixel) and rules to be triggered when certain conditions are met.

Further analysis has revealed that the malware is being loaded from the Magento database table "cms_block.content," with the GTM tag containing an encoded JavaScript payload that acts as a credit card skimmer.
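The payload described above was sitting in the Magento database (cms_block.content), not in the GTM console, so a store owner's first check is the database rather than the tag. The following is an added example, not code from the original post, Sucuri or The Hacker News: it audits cms_block rows against an allowlist of the container IDs the shop actually uses and flags inline scripts that decode a long base64 blob at runtime. The rows are constructed; GTM-MLHK2N68 is the identifier named in the article, GTM-ALLOWED1 is a hypothetical placeholder for your own container, and the stand-in "skimmer" is harmless and only reads two form fields.

```python
"""Audit Magento cms_block rows for rogue GTM containers and encoded scripts.

Added example; not code from the original post, Sucuri or The Hacker News.
Assumptions: rows come from `SELECT identifier, content FROM cms_block`
(the table the post names), ALLOWED_GTM_IDS holds the container ID your
shop really uses (GTM-ALLOWED1 is a hypothetical placeholder), and the
sample rows below are constructed; GTM-MLHK2N68 is the ID from the post.
"""
import base64
import re

# Container IDs the storefront is supposed to load. Anything else is a finding.
ALLOWED_GTM_IDS = {"GTM-ALLOWED1"}  # hypothetical placeholder

GTM_ID_RE = re.compile(r"\bGTM-[A-Z0-9]{4,}\b")
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
# A long run of base64-alphabet characters: a cheap signal for an encoded payload.
B64_BLOB_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Runtime decoders that a legitimate tag snippet rarely needs.
DECODER_RE = re.compile(r"\b(atob|eval|unescape|String\.fromCharCode)\s*\(")
# Strings a card skimmer has to reference to do its job.
SKIMMER_HINTS = ("card", "cvv", "cc_number", "expir", "payment", "checkout")


def decode_blobs(js):
    """Yield the UTF-8 text of every base64-looking blob in a script body."""
    for match in B64_BLOB_RE.finditer(js):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        yield raw.decode("utf-8", "ignore")


def audit_block(identifier, content, allowed_ids=ALLOWED_GTM_IDS):
    """Return a list of findings for one cms_block row."""
    findings = []
    for gtm_id in sorted(set(GTM_ID_RE.findall(content))):
        if gtm_id not in allowed_ids:
            findings.append(f"{identifier}: unexpected GTM container {gtm_id}")
    for js in SCRIPT_RE.findall(content):
        if DECODER_RE.search(js):
            findings.append(f"{identifier}: inline script uses a runtime decoder")
        for decoded in decode_blobs(js):
            hints = [h for h in SKIMMER_HINTS if h in decoded.lower()]
            if hints:
                findings.append(
                    f"{identifier}: encoded payload references {', '.join(hints)}"
                )
    return findings


def audit_blocks(rows, allowed_ids=ALLOWED_GTM_IDS):
    """Audit an iterable of (identifier, content) rows, in order."""
    findings = []
    for identifier, content in rows:
        findings.extend(audit_block(identifier, content, allowed_ids))
    return findings


# Constructed sample data. The "skimmer" is a harmless stand-in that only
# reads two form fields; it is base64-encoded the way the post describes.
_FAKE_SKIMMER = (
    "var n=document.getElementById('cc_number').value,"
    "c=document.getElementById('cvv').value;"
)
_FAKE_SKIMMER_B64 = base64.b64encode(_FAKE_SKIMMER.encode()).decode()

# A benign loader for the allowlisted container (constructed, trimmed).
_GTM_LOADER = (
    "(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),"
    "event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s);"
    "j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i;"
    "f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-ALLOWED1');"
)

SAMPLE_ROWS = [
    ("footer_links", "<p>Contact us</p><script>" + _GTM_LOADER + "</script>"),
    ("promo_banner", "<div>Free shipping on orders over $50</div>"),
    (
        "checkout_widget",
        "<!-- GTM-MLHK2N68 --><script>var p=atob('"
        + _FAKE_SKIMMER_B64
        + "');eval(p);</script>",
    ),
]

if __name__ == "__main__":
    for finding in audit_blocks(SAMPLE_ROWS):
        print(finding)
```

Run it over the output of `SELECT identifier, content FROM cms_block`; a finding is either a container ID you did not register or an inline script that unpacks itself at runtime, which is exactly the footprint the article describes. No finding is not a clean bill of health: the check is a heuristic, and a container ID you do not recognise should be removed from the GTM account as well as from the database, since the tag itself is what keeps reloading the payload.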

How AI-driven identity fraud is causing havoc

If you're the only one who knows about the AI trend in your family or organization, I have a humble request. Please, educate your family about AI and let your organization know what's out there. It's better safe than sorry.

AI is here to stay. Some might think otherwise, but let's leave that for now. Still, identity fraud is a scary thing; imagine someone using your PII to open a bank account or to bypass KYC checks on some website. You might think, "It cannot happen to me." But who says you and I are immune to modern cyber threats?

Think again because:

AI-driven fraud attacks will only continue to grow as the technology gets cheaper and more effective. As this new cyber-arms race plays out between corporate network defenders and their adversaries, it’s consumers that will be caught in the middle. Make sure you’re not next.

New hack uses prompt injection to corrupt Gemini’s long-term memory

When I watched the 2-minute YouTube video attached to the article, I realized how easy it was to pull off the hack.

For reference, here is what I am talking about, and I encourage you to read the article for full details.

Spyware maker caught distributing malicious Android apps for years

Spyware is malware; there is no doubt about that. Meanwhile, some companies have specialized in developing what could be termed surveillance tools and selling them to government customers.

However, the mode of deploying the malware could be spear-phishing or what I call put-it-out-there-and-see-who-gets-infected. The latter perfectly describes the article in question. Based on the article, and at the time of writing, it is not known who was targeted. But given the mode of distribution, we can argue that it could be anyone.

From the article:

Kaspersky said in a 2024 report that the people behind Spyrtacus began distributing the spyware through apps in Google Play in 2018, but by 2019 switched to hosting the apps on malicious web pages made to look like some of Italy’s top internet providers.

Kaspersky said its researchers also found a Windows version of the Spyrtacus malware, and found signs that point to the existence of malware versions for iOS and macOS as well.

Valve removes Steam game that contained malware

Based on the article, Valve did not provide information about the malware. However, it advised players who downloaded the game to scan their systems with antivirus software or perform a full system reset.

This further emphasizes that despite the defenses organizations and businesses put in place to protect their users, malicious actors might still find a way to circumvent them.

The following excerpt from the article shows why gamers could have been targeted in the first place.

The Steam app, as well as video games themselves, typically have deep access to gamers’ devices, making malware targeting gamers particularly appealing to hackers. Last year, TechCrunch reported that hackers were targeting gamers with an infostealer malware, a campaign that Activision was investigating. In 2023, hackers were found infecting players of an old Call of Duty game with a self-spreading malware.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
