The third trend discerned from the firm’s data was an increase in AI-enabled attacks, with reference to users of generative AI tools such as ChatGPT. A considerable number of attempts to access malicious domains with names resembling “chapgpt”, seemingly in reference to the chatbot, was found. Threats encountered via these domains also included web apps that insecurely handled OpenAI API keys. Also:

1. The fourth trend spotted for H2 2023 was a significant increase in Android spyware cases in the firm’s user base, mainly attributed to the presence of the SpinOk spyware. This malicious software is distributed as a software development kit and is found within various legitimate Android applications. Website admins should be wary of the plugins they install, especially for WordPress, since plugins dramatically increase the attack surface. Make sure to put in place a patching policy that requires admins to apply updates as soon as they are available. Brief all web developers about secure coding practices such as data sanitization and secure HTTP headers.
2. The fifth trend was the continual dominance of one of the firm’s most recorded threats in H2 2023: a three-year-old malicious JavaScript code detected as JS/Agent. Similarly, Magecart, a threat that goes after credit card data, had continued to grow for two years by targeting myriad unpatched websites. The attacks could have been prevented if developers and admins had implemented appropriate security measures.
3. Lastly, the increasing value of bitcoin had not been accompanied by a corresponding increase in cryptocurrency threats in H2, diverging from past trends in the firm’s user base. However, the number of crypto stealers rose notably, due to the 199% growth of the Lumma Stealer, an info stealer that targets cryptocurrency wallets.