Cybercriminals are exploiting the public's interest in artificial intelligence (AI) to distribute malware through fake text-to-video tools.
According to researchers at Mandiant, the criminals set up websites claiming to offer “AI video generator” services and use those fake tools to distribute infostealers, Trojans and backdoors.
The malicious websites came to the researchers' attention through links posted in social media comments and in advertisements. The researchers discovered thousands of malicious ads on Facebook and LinkedIn that, in November 2024, promoted fake AI video generator tools such as “Luma AI”, “Canva Dream Lab” and “Kling AI”.
To evade detection, the group constantly rotates the domains used in the ads and creates new ads every day, using both compromised and newly created accounts. The campaign operates through more than 30 websites that mimic popular legitimate AI tools.
The researchers identified the initial payload as the Starkveil dropper (detected by Malwarebytes/ThreatDown as Trojan.Crypt). Written in Rust, the Trojan must be run twice by the user to fully compromise the machine. After the first run, the malware displays an error window to trick the victim into running it again.
The dropper deploys the XWorm (detected as Backdoor.XWorm) and FrostRift (detected as Trojan.Crypt) backdoors and the GrimPull downloader (detected as Trojan.Crypt).
Once the system is fully compromised, this constellation of malware harvests all sorts of data from the infected device and sends it to the cybercriminals using a variety of communication methods. Read the researchers' report for a complete technical analysis of the malware.
The researchers said:
“The temptation to try out the latest AI tools can lead to anyone being a victim.”
It is therefore important to recognize these campaigns and to adopt ways of recognizing and blocking them.
- Be wary. Posts or ads with large view counts that promise free AI text-to-video tools should be treated with caution, especially when they prompt you to download executables that may be disguised as videos.
- Don't trust unsolicited messages or ads that promise incredible AI tools or free trials, especially if you are pressured to act quickly or provide personal information.
- Run up-to-date, actively maintained protection that can intercept these malware infections early and detect and remove infostealer malware.
- Use web protection in your browser that allows you to recognize and block fraudulent or malicious websites.
- Don't click on sponsored search results. Prefer other ways of finding links to the products you want over sponsored results, since criminals have shown they are willing to outbid the legitimate owners for them.
- Watch out for ads that look far too good: an offer that is too good to be true, urgent deadlines, or unusual payment methods such as cryptocurrency or wire transfers.
- Scrutinize any URLs provided; they may be constructed to look “real” when they are not.
- Download only AI software or tools from official, trusted sources or verified app stores.
Join Facebook Live on June 3rd for more practical advice on how to spot scams.
