Cybercriminals Exploit AI Video Generation Trend with Malicious Ads

Fake AI Video Editor Ads Targeting Users

The threat group UNC6032 is running a campaign using fake ads on social media platforms to promote non-existent AI video generation tools. According to Google’s Mandiant Threat Defense group, these ads have reached over 2 million users on platforms like Facebook and LinkedIn. The ads lead to bogus websites that distribute malware instead of the advertised services. Researchers have identified thousands of instances where these ads impersonate legitimate tools, such as Canva Dream Lab and Luma AI, to deceive users. Clicking on these ads often leads to downloading Python-based infostealers and backdoors, jeopardizing users' sensitive information. For more details, see the findings from Mandiant here.

Risks Associated with AI Tools

The UNC6032 group, believed to have connections to Vietnam, has exploited the growing interest in AI applications. Mandiant's investigation revealed that the malicious ads had a total reach of over 2.3 million users, though this does not necessarily indicate the number of actual victims. Experts warn that these fake AI tools target a wide audience, not just graphic designers, and advise users to verify the legitimacy of websites before downloading software. To learn more about the risks, refer to the analysis here. Person's hand holding an iPhone and using the Luma Labs Dream Machine artificial intelligence video generator Image courtesy of CyberScoop

Mechanism of Infection

The fake ads lead to websites that mimic actual AI video generation services. Users are prompted to enter details to generate content, but instead receive malware disguised as a legitimate file. This malware often includes remote access trojans (RATs) and information stealers that can compromise credentials, credit card data, and other sensitive information. For insights on how these campaigns function, refer to the comprehensive report by Mandiant here.

The Noodlophile Stealer and Its Impact

The Noodlophile Stealer is another malware variant that has emerged, exploiting the trend of fake AI platforms. This stealer can harvest browser credentials and cryptocurrency wallet information, all while masquerading as legitimate software. The tactics employed by these attackers are becoming increasingly sophisticated, utilizing social engineering to lure unsuspecting users. The malware is delivered through fake platforms that promise advanced content generation services. For additional details on this malware and its methods, see the analysis here. Graph from Google Trends showing the rise in internet searches for “AI video generator” over the past year. Image courtesy of CyberScoop

Preventive Measures and Recommendations

Organizations and individuals are urged to employ cybersecurity measures such as monitoring tools and threat intelligence to protect against these evolving threats. GrackerAI offers AI-powered cybersecurity marketing solutions that help organizations stay informed about emerging trends and threats. By automating news insights, GrackerAI enables marketing teams to create timely and relevant content that resonates with cybersecurity professionals. To explore how GrackerAI can assist in your cybersecurity marketing efforts, visit our website at GrackerAI.