Creating videos with AI currently calls for caution. A worrying number of fake, infected programs install dangerous malware, and hackers no longer hesitate to advertise them on social media.
It's a constant: the hottest trends are a godsend for cybercriminals, who can reach a large number of Internet users more easily. New technologies such as AI video creation are even more effective vectors, since hackers can play on the free nature of services (most legitimate services offer third-party subscriptions) as well as on the rather vague perception of what is on offer.
It is in this context that the site Morphisec reveals that a vast malicious campaign is currently riding the wave of AI video creation. Criminals begin by creating convincing sites that promise to generate such videos, then promote them through viral advertising campaigns on social networks or in Facebook groups promising links to free video generators.
Don't be fooled by the ads circulating on Facebook
One of these, Morphisec explains, garnered up to 62,000 views on a post linking to a site designed solely for malicious purposes. On the same social network, ads that also link to infected sites make tempting promises, for example converting a photo of a dress into an attractive, realistic video in which it is worn by an AI-generated person.
If the Internet user clicks on these links and attempts to use the services built by the hackers, everything happens as if the service were legitimate. A few moments later, they download what looks very much like a video, except for one detail: its file extension is .mp4.exe, an attempt to hide the fact that it is a program and not a simple video.
When launched, the program discreetly installs dangerous malware, notably Noodlophile, sometimes accompanied by XWorm. Noodlophile is an extremely efficient data stealer: it sucks up everything from cookies to passwords to the crypto you store on your PC. Hackers then retrieve all this valuable information via a Telegram account.
The threat could persist for some time
If the victim's machine is infected with XWorm, a Trojan horse, hackers gain full access to it. Web platforms aren't the only channel these malicious actors rely on to infect as many victims as possible: they also distribute corrupted versions of the software known as CapCut for the same purposes.
Protecting yourself against this wave of scams is mostly a matter of common sense. First, avoid clicking on advertisements offering such services, and more generally, always check the extension of what you download. Using up-to-date antivirus software also allows you to detect most threats, including the one currently underway. Several sites and campaigns have since been discovered.
But this trick remains very attractive to cybercriminals, who are therefore likely to continue exploiting it in the coming months.
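The extension check recommended above, as an added Python example that is not part of the original article: it flags names such as .mp4.exe and, going slightly beyond the text, media-named files whose first bytes are an executable header. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed lists for this example; extend them to match your environment.
DECOY_EXTS = {".mp4", ".mov", ".avi", ".mkv", ".jpg", ".jpeg", ".png", ".pdf"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".pif", ".lnk", ".js", ".vbs"}

def split_extensions(filename):
    """Return (decoy_ext, real_ext) in lowercase.

    Trailing dots and spaces are stripped because Windows ignores them,
    so 'clip.mp4.exe.' and 'clip.mp4   .exe' both still run as .exe.
    """
    name = ntpath.basename(filename).rstrip(". ").lower()
    stem, real_ext = ntpath.splitext(name)
    _, decoy_ext = ntpath.splitext(stem.rstrip(". "))
    return decoy_ext, real_ext

def masquerade_reason(filename, head=b""):
    """Explain why a download looks disguised, or return None.

    head holds the first bytes of the file, if they are available.
    """
    decoy_ext, real_ext = split_extensions(filename)
    if real_ext in EXEC_EXTS and decoy_ext in DECOY_EXTS:
        return f"double extension: shown as {decoy_ext}, runs as {real_ext}"
    # Windows executables start with the two bytes 'MZ'; real media files do not.
    if real_ext in DECOY_EXTS and head[:2] == b"MZ":
        return f"executable header in a file named {real_ext}"
    return None

def scan(samples):
    """Map each suspicious name in [(name, head_bytes), ...] to its reason."""
    findings = {}
    for name, head in samples:
        reason = masquerade_reason(name, head)
        if reason:
            findings[name] = reason
    return findings

# Constructed sample downloads (names and leading bytes are made up).
SAMPLES = [
    ("dress_video.mp4.exe", b"MZ\x90\x00"),
    ("dress_video.mp4   .exe", b"MZ\x90\x00"),
    ("holiday.mp4", b"\x00\x00\x00\x18ftypmp42"),
    ("renamed_payload.mp4", b"MZ\x90\x00"),
    ("editor_setup.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, reason in scan(SAMPLES).items():
        print(f"{name!r}: {reason}")
```

An ordinary installer such as `editor_setup.exe` is not flagged: the check targets files that claim to be media, not every executable.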