Cybercriminals Exploit Fake AI Websites to Spread Malware

Vijay Shekhawat
Vijay Shekhawat

Software Architect

 
May 28, 2025 3 min read

Fake AI Websites and Malware Threats

Fake AI video generation websites
Image courtesy of SC Media

Mandiant has reported the emergence of over 30 fraudulent AI websites that impersonate legitimate tools like Luma AI, Canva Dream Lab, and Kling AI. These fake sites are used to spread malware, including infostealers and backdoors. The campaign, attributed to a Vietnamese group tracked as UNC6032, has been active since mid-2024 and has gained traction through thousands of social media ads, mainly on Facebook and LinkedIn, which have collectively reached millions of viewers.

These malicious ads promise free access to AI video generation capabilities but redirect users to phishing pages that deliver malware payloads upon interaction. According to Mandiant, the ads have gained significant visibility, with estimates of up to 2.3 million users in the EU alone.

Key Payloads and Attack Chain

The malware delivered through these fake websites typically includes a multi-stage attack chain. In one observed attack, the STARKVEIL dropper was used to deploy three different Python-based payloads after the initial infection. The dropper disguises itself as an executable file with an .mp4 extension, tricking users into executing it. Upon execution, users are prompted with an error message designed to coax them into running the file a second time, completing the attack chain.

Malware attack chain
Image courtesy of Google Cloud Blog

The final payloads include GRIMPULL, XWORM, and FROSTRIFT. GRIMPULL acts as a downloader, connecting to command-and-control servers via Tor to retrieve further malicious payloads. XWORM is a remote access trojan capable of logging keystrokes and exfiltrating sensitive information, while FROSTRIFT targets cryptocurrency wallets and password manager extensions.

Exploitation of AI Trends

The rapid proliferation of AI video generation tools has created a new avenue for cybercriminals. As interest in AI tools surges, so does the opportunity for malicious actors to exploit this fascination through social engineering tactics. Mandiant highlights how these campaigns have evolved from older malware distribution methods, now leveraging AI as a lure to attract a more trusting audience.

Malicious Facebook ads
Image courtesy of Google Cloud Blog

In addition to the reported campaigns, researchers have linked similar activities involving other AI tools, indicating a broader trend of targeting emerging technologies for malicious purposes.

Impact on Organizations and Individuals

Victims of these campaigns have reported stolen credentials, cookies, and sensitive financial information, raising significant concerns about the implications for both businesses and individual users. Mandiant's analysis indicates that the threat landscape is evolving, with attackers constantly adapting their tactics to evade detection.

For organizations navigating this complex landscape, tools like GrackerAI can assist in monitoring these threats and transforming security news into strategic content opportunities. GrackerAI is designed to empower cybersecurity marketing teams by automating insight generation from industry developments, ensuring timely and relevant messaging.

As cybercriminals continue to leverage AI trends, it is vital for businesses to stay informed and proactive.

Explore GrackerAI's offerings for cybersecurity content automation and strategic marketing solutions at GrackerAI or contact us for more information.

Vijay Shekhawat
Vijay Shekhawat

Software Architect

 

Principal architect behind GrackerAI's self-updating portal infrastructure that scales from 5K to 150K+ monthly visitors. Designs systems that automatically optimize for both traditional search engines and AI answer engines.

Related Articles

2025 Nonprofit Marketing Trends: AI Strategies & Best Practices

Social media is a powerful tool for nonprofit organizations to connect with their target audiences. The evolving landscape of these platforms necessitates staying updated on best practices for optimal engagement and impact.

By Hitesh Kumawat July 23, 2025 5 min read
Read full article

Unlocking Business Potential: The Role of Chief Content Officers

Chief content officers (CCOs) are increasingly common in non-media companies, driven by the growing demand for unbranded content that resonates with consumers. Over 50 non-media companies, including Airbnb and HP, have appointed CCOs to foster authentic connections with their audiences. These roles differ significantly from traditional marketing positions, focusing on producing credible, independent content that builds trust. Angela Matusik from HP states, “This is not about steering people directly to purchase. It’s about creating long-term relationships with consumers.”

By Govind Kumar July 23, 2025 3 min read
Read full article

Revamping Corporate Sustainability: Beyond Checkboxes to Impact

Sustainability has become essential for businesses, transitioning from a secondary consideration to a core corporate strategy. Companies that view sustainability merely as a checkbox risk falling behind in today's market. A PwC survey indicates over 80 percent of consumers are concerned about climate change. As sustainability expectations shift, leaders are urged to build innovative ecosystems and enhance product offerings.

By Abhimanyu Singh July 22, 2025 3 min read
Read full article

AI Revolutionizes Content Creation in Digital Marketing & SaaS

The rise of artificial intelligence (AI) is transforming digital marketing strategies, making content creation more efficient. AI content writers provide innovative solutions for generating engaging and informative content at scale. These advancements in technology enable businesses to reach wider audiences with personalized messaging, which enhances engagement and conversion rates.

By Ankit Lohar July 22, 2025 3 min read
Read full article