Fake AI Websites and Malware Threats

Nikita Shekhawat
Nikita Shekhawat

Marketing Analyst

 
September 9, 2025 3 min read

Mandiant has reported the emergence of over 30 fraudulent AI websites that impersonate legitimate tools like Luma AI, Canva Dream Lab, and Kling AI. These fake sites are used to spread malware, including infostealers and backdoors. The campaign, attributed to a Vietnamese group tracked as UNC6032, has been active since mid-2024 and has gained traction through thousands of social media ads, mainly on Facebook and LinkedIn, which have collectively reached millions of viewers. These malicious ads promise free access to AI video generation capabilities but redirect users to phishing pages that deliver malware payloads upon interaction. According to Mandiant, the ads have gained significant visibility, with estimates of up to 2.3 million users in the EU alone. Key Payloads and Attack Chain The malware delivered through these fake websites typically includes a multi-stage attack chain. In one observed attack, the STARKVEIL dropper was used to deploy three different Python-based payloads after the initial infection. The dropper disguises itself as an executable file with an .mp4 extension, tricking users into executing it. Upon execution, users are prompted with an error message designed to coax them into running the file a second time, completing the attack chain.

Malware attack chain

Image courtesy of Google Cloud Blog The final payloads include GRIMPULL, XWORM, and FROSTRIFT. GRIMPULL acts as a downloader, connecting to command-and-control servers via Tor to retrieve further malicious payloads. XWORM is a remote access trojan capable of logging keystrokes and exfiltrating sensitive information, while FROSTRIFT targets cryptocurrency wallets and password manager extensions. Exploitation of AI Trends The rapid proliferation of AI video generation tools has created a new avenue for cybercriminals. Cybercriminals are now capitalizing on the hype around platforms like a creative AI visuals tool, using fake sites and downloads to spread advanced malware. This evolution highlights how the growing AI space is being manipulated for malicious gain. As interest in AI tools surges, so does the opportunity for malicious actors to exploit this fascination through social engineering tactics. Mandiant highlights how these campaigns have evolved from older malware distribution methods, now leveraging AI as a lure to attract a more trusting audience.

Malicious Facebook ads

Image courtesy of Google Cloud Blog In addition to the reported campaigns, researchers have linked similar activities involving other AI tools, indicating a broader trend of targeting emerging technologies for malicious purposes. Impact on Organizations and Individuals Victims of these campaigns have reported stolen credentials, cookies, and sensitive financial information, raising significant concerns about the implications for both businesses and individual users. Mandiant's analysis indicates that the threat landscape is evolving, with attackers constantly adapting their tactics to evade detection. For organizations navigating this complex landscape, tools like GrackerAI can assist in monitoring these threats and transforming security news into strategic content opportunities. GrackerAI is designed to empower cybersecurity marketing teams by automating insight generation from industry developments, ensuring timely and relevant messaging. As cybercriminals continue to leverage AI trends, it is vital for businesses to stay informed and proactive. Explore GrackerAI's offerings for cybersecurity content automation and strategic marketing solutions at GrackerAI or contact us for more information.

Latest Cybersecurity Trends & Breaking News

Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials AI-Generated TikTok Videos Distributing Infostealer Malware

Nikita Shekhawat
Nikita Shekhawat

Marketing Analyst

 

Data analyst who identifies the high-opportunity keywords and content gaps that fuel GrackerAI's portal strategy. Transforms search data into actionable insights that drive 10x lead generation growth.

Related Articles

growth hacking

8 Key Principles of Growth Hacking for Social Media and SEO

Unlock 8 growth hacking principles for B2B SaaS, focusing on social media & SEO. Drive cybersecurity growth with proven tactics.

By Abhimanyu Singh October 24, 2025 13 min read
Read full article

Navigating the Cybersecurity SaaS Marketing Landscape: Essential Questions for Value-Driven Strategies

Drive value with your cybersecurity SaaS marketing! Learn essential questions to shape winning strategies and achieve growth.

By Deepak Gupta October 23, 2025 9 min read
Read full article
ethical AI

Ethical AI in SaaS: What Legal Lessons Teach Us About Accountability and Trust

Discover how SaaS companies can build trust with ethical AI. Learn lessons from the legal sector on data protection, transparency, and accountability.

By Vijay Shekhawat October 23, 2025 5 min read
Read full article
business internet security

What Are the Best Practices for Business Internet Security at the Network Level?

Learn the best network-level security practices for businesses, including Zero Trust, MFA, EDR tools, segmentation, and secure monitoring.

By Ankit Lohar October 23, 2025 5 min read
Read full article