
Thousands of malicious AI ads flood Facebook and LinkedIn


Mandiant, a Google subsidiary specializing in cybersecurity, has discovered a massive malicious advertising campaign on social media. To trick Internet users, hackers impersonate popular services built on generative AI, such as video generators. Among the most impersonated tools are Luma AI, Kling AI, and Canva Dream Lab.

The fake ads are spread widely on social media, especially on Facebook and LinkedIn, Microsoft's professional network. Thousands of malicious ads have been identified on both platforms. This campaign has been active "since at least mid-2024" and has affected "victims in different geographies and industries."

Researchers believe that "similar campaigns are likely to be carried out" on other sites, which should encourage users to be extremely cautious. Hackers are exploiting "the popularity of AI tools and have linked them to malicious ads to promote them," explains Yash Gupta, manager at Mandiant. He adds that a "well-designed website, masquerading as a legitimate AI tool, can pose a threat to both individuals and organizations."

How do fake ads spread viruses?

If the user makes the mistake of clicking on an ad, a malicious site opens on their device. The site imitates the features offered by AI services: it offers the target the option of generating a video using generative artificial intelligence, then offers a download of the result. This is where the hackers trick users. Instead of the promised video, users download malware designed to steal personal data or install backdoors, which give the cybercriminals persistent access.

The operation primarily aims to extract information from victims, such as "login credentials, credit card data, and other sensitive information." The stolen data is then sold, sometimes for high prices, on criminal markets on the dark web. The information can also be used to develop sophisticated scams, such as phishing attacks. Mandiant points out that credential theft is still the second most common way hackers break into a computer system. Most cyberattacks begin with the theft of personal data.

To combat the scourge of malicious ads, Mandiant has partnered with Facebook and LinkedIn. Meta, Facebook's parent company, had already begun removing ads last year, well before Mandiant's alert. Unfortunately, cybercriminals are not discouraged: new ads are posted online every day. That's why "users should be cautious when interacting with seemingly innocuous ads and the websites they link to," says Yash Gupta.

Behind the campaign is a hacking gang from Vietnam, UNC603. Information about the cybercriminals is still limited. The group is known for stealthy, low-profile operations aimed at stealing information from entities in North America and Europe.

Source: Mandiant
