How Fake AI Platforms Are Stealing Data, Spreading Malware

As artificial intelligence (AI) becomes more popular and accessible, millions of people now use AI tools every day, for everything from brainstorming and drafting text to creating art and music or transforming photos into videos.

But the availability of these useful tools brings new risks.

Researchers at Morphisec have discovered fake AI video-generation platforms set up specifically to trick users into downloading malware.

Attackers are capitalizing on the buzz around AI by creating convincing fake websites and social media pages that promise free, cutting-edge AI content creation. These fake sites often appear legitimate, sometimes promoted through popular Facebook groups or viral social media posts that attract thousands of views.

For example, a fake site might claim to offer a free AI video generator or photo editor. Users are asked to upload their images or videos, believing they will receive a custom AI-generated output. Instead, what they download is malicious software.

The Hidden Dangers

Once a user uploads their files and clicks to download the “processed” content, they unknowingly install malware. One of the main threats involved is a new type of malware called Noodlophile Stealer. This malicious program can steal sensitive information like browser passwords, cryptocurrency wallets, and tokens. Sometimes, it even installs a Remote Access Trojan (RAT), which allows hackers to take full control of the infected device.

How Do They Work?

These cybercriminal campaigns often use social media groups and fake websites that mimic real AI services. A typical flow would involve:

  • Fake Social Media Posts: These promote fake AI tools, attracting users looking for free content creation options.
  • Fake Websites: Users are directed to websites that look legitimate but are designed to deceive.
  • Uploading Files: Users upload their photos or videos, expecting AI-generated content.
  • Distributing Malicious Files: Instead of a real video or image, users download a disguised malicious file, often named to look like a regular video (e.g., “VideoDreamAI.mp4.exe”).
  • Malware Activation: When run, this file installs malware that can steal data or give hackers access to the infected system.

Its Stealthiness

The malware uses a multi-layered approach to hide itself from discovery:

  • It disguises itself as legitimate or known video editing software.
  • It’s signed with a fake digital certificate to seem trustworthy to systems.
  • It contains several hidden components that load malicious code into memory, making detection difficult.
  • It downloads and executes scripts from remote servers to fetch additional malware payloads.

One of these payloads, called Noodlophile, is designed specifically for stealing sensitive information. Another component, called XWorm, can replicate itself to other devices, increasing its reach.

Researchers suggest that the developers of this malware are based internationally, and are offering their malicious tools through underground marketplaces as part of malware-as-a-service (MaaS). This means others can buy or rent this malware to carry out their own attacks.

Why Should You Be Careful?

Fake AI tools are everywhere. Be skeptical of websites or social media posts offering free AI content creation.

Never upload files, especially sensitive ones, to untrusted sites. If you need such a tool, use a reputable platform, and avoid clicking on suspicious links.

Be cautious of downloads: Files with misleading names or extensions (like “.mp4.exe”) are often malicious.
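The double-extension check described above can be automated. The following is an added example, not code from Morphisec or from this article: it flags names such as “VideoDreamAI.mp4.exe”, which Windows Explorer shows as “VideoDreamAI.mp4” when known extensions are hidden. The extension lists and every sample name except that one are assumptions made for illustration.

```python
# Added example: flag download names that hide an executable behind a media extension.
# Both extension sets are assumptions for illustration; tune them for your environment.
DECOY_EXTS = {".mp4", ".mov", ".avi", ".mkv", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".docx"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".js", ".vbs", ".hta", ".lnk"}


def classify(filename):
    """Return 'deceptive', 'executable' or 'ok' for a downloaded file name."""
    # Keep only the final path component (accepts both \ and / separators).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = name.rstrip(". ")
    # Split on dots; strip padding spaces around each part and ignore case.
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXEC_EXTS:
        return "ok"  # the real (last) extension is not an executable type
    # An executable whose second-to-last extension looks like media or a document.
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "deceptive"
    return "executable"


def flag_downloads(names):
    """Return {name: verdict} for every name that is not 'ok'."""
    return {n: v for n in names if (v := classify(n)) != "ok"}


if __name__ == "__main__":
    # Constructed sample names; only VideoDreamAI.mp4.exe comes from the article.
    samples = [
        "VideoDreamAI.mp4.exe",
        "Report.PDF.SCR ",
        r"C:\Users\a\Downloads\holiday.mp4 .exe",
        "setup.exe",
        "clip.v1.2.mp4",
    ]
    for name, verdict in flag_downloads(samples).items():
        print(f"{verdict:10} {name!r}")
```

A “deceptive” verdict means the file should not be opened; “executable” only marks a program that deserves a second look before it is run.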

Keep your security software up to date: Modern antivirus and anti-malware tools can detect many of these threats.

Stay Safe in the AI Age

While AI offers exciting possibilities, cybercriminals are constantly finding new ways to exploit it for their own gain. Awareness and caution are your best defenses. Always verify the authenticity of AI tools and platforms, and avoid downloading files from unknown sources.

By staying informed and cautious, you can enjoy the benefits of AI technology while keeping your devices and personal data safe.
