Info-Stealing Deepfakes Target Android Mobile Banking Users
By: Jim Stickley and Tina Davis
December 18, 2024
A report by ESET (Essential Security against Evolving Threats) looks at the cyber threat landscape over the first half of the year. Their combined data collection and monitoring finds troubling threat patterns targeting Android users and their mobile devices. Those findings involve info-stealing malware combined with AI deepfakes to heist user financial information—a devious combination.
False Face Fraud
Fears of AI facilitating cybercrime are alive and well, according to ESET’s findings, and for good reason. They found that GoldPickaxe, a new mobile malware, steals facial recognition biometrics to make deepfake videos. Using the deepfake, GoldPickaxe fraudulently authenticates a user’s identity to cash in on sham financial transactions.
Info-stealing malware is now being used to impersonate generative AI tools like Sora by OpenAI and Google’s Gemini. Sora is an AI-generated text-to-video tool. User prompts instruct Sora to extend short video clips into longer videos that can fraudulently represent an Android mobile user’s identity. Gemini has capabilities similar to OpenAI’s tools, including working with images, video, and audio—another identity fraud tool in the wrong hands.
Staying Safe
With deepfakes being used for financial fraud, ESET’s findings show Android mobile banking users need to be more careful, especially with their identity. The important thing to remember is to keep your personally identifiable information (PII) to yourself, including in social media posts.
Never share your PII until you verify the asker is legitimate. Whether by phone, text, or email, fraudsters contact targets pretending to be from their financial institution (FI). They will say anything to get your attention, including instilling urgency and fear, all to steal your sensitive information.
A phone call to the financial institution can verify whether the caller and the information you’re being told are real, as can logging in to the FI’s official website for account messages. Also, consider setting up a code word shared between you and your FI for identity verification. Never use the phone number, website address, or other contact information provided by the “FI employee.” It can be a direct line to the fraudster continuing the scam.
Staying safe online is evolving to meet the threat of AI being used for cybercrime. Identity verification is more essential than ever, and using the tools we have to do that is our responsibility. So remember: verify first before sharing PII so you don’t end up paying the price later.