Google warns about Vietnam-based hackers using fake AI video generators to spread malware


Fake AI-driven video generators are being used to spread infostealers and other types of malware, Google researchers have found.

A group of cybercriminals created a network of fraudulent websites that pose as cutting-edge AI tools and promoted the sites by purchasing ads on social media platforms, researchers said.

Experts from the tech giant's Mandiant unit have published a report supporting previous assessments by Facebook and security company Morphisec, identifying campaigns designed to weaponize interest in AI tools that can generate videos based on user prompts.

Mandiant has been tracking the campaign since November and said it believes the group (tracked as UNC6032) is likely to be based in Vietnam.

“Victims are usually directed to these fake websites via malicious social media ads that pose as legitimate AI video generator tools such as Luma AI, Canva Dream Lab and Kling AI.”

The campaign is likely to be active on other platforms, and Mandiant said it observed an incident that resulted in the exfiltration of “login credentials, cookies, credit card data and Facebook information via the Telegram API.”

The campaign has been ongoing since mid-2024 and has impacted people all over the world. Mandiant said it worked with Meta to remove malicious ads, domains and accounts, but the social media giant had removed many malicious ads before Mandiant approached the company.

Mandiant was able to research the ads through Meta's advertising library, which was recently created as part of the European Union's Digital Services Act. The tool allowed researchers to find 30 websites promoted by thousands of ads placed on Facebook.

The hackers published ads through their newly created Facebook page and through compromised accounts on the platform. The total reach of the EU ads was 2.3 million users, a figure based on the estimated number of accounts that have seen the ad at least once.

The campaign usually rotated the domains mentioned in the ads to avoid detection by researchers.

On LinkedIn, Mandiant found around 10 ads that received around 50,000-250,000 impressions in the US, Europe and Australia.

All of the websites had a similar interface that offered text-to-video or video-to-video generation. When someone enters a prompt, they are given a file containing a malware strain known as STARKVEIL.

The malware is designed to steal information and create backdoors that let the hackers extend their access. Other parts of the malware tell the hackers whether antivirus tools are installed, whether the device has a camera, the victim's time zone and other details.

“Our research was limited in scope, but we found that skillfully crafted, fake ‘AI websites’ pose a major threat to both organizations and individual users,” the researchers said.

“These AI tools no longer target only graphic designers. Anyone can be invited to a seemingly harmless ad. The temptation to try out the latest AI tools can lead to a victim.”

Last year, researchers at Bitdefender discovered a similar campaign in which hackers took over Facebook accounts and posted product news and ads for software with links to downloads containing various types of infostealing malware.

The Mandiant report was released Tuesday ahead of the Google Safety Engineering Center's first scam summit, along with a larger Google advisory on customer support scams, fake travel websites, fictitious package tracking messages and unpaid-toll SMS texts. The advisory covers the kinds of scams that were spotlighted in Mandiant's report on fake AI video generators.
