The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand for AI-powered software among content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful ally in artificial intelligence.
Bitdefender researchers are keeping a close eye on these deceptive efforts and exploits regarding the rising popularity of generative artificial intelligence software to keep consumers aware and help protect their devices, data and money.
Over the past year, Bitdefender Labs has seen a motley crew of AI-powered illicit operations conducted by threat actors over social media, from stream-jacking attacks that delivered crypto-doubling schemes on YouTube to audio deepfakes flooding Meta’s social platforms.
This paper focuses on nefarious activities that take advantage of the demand and supply of some of the most popular generative AI software to attack users from across the globe.
Threat actors are actively spreading malware through Meta’s sponsored ad system.
The malicious campaigns begin with cybercriminals taking over an existing Facebook account. Once compromised, the crooks begin to change descriptions and cover and profile photos, making the page seem as if it is run by well-known AI-based image and video generators.
The cybercriminals then begin boosting the legitimacy of the page with news, AI-generated photos and advertisements that contain descriptions of enhancements of the impersonated AI service and links that give users free access or trials for the tool.
The point of the malicious campaign is to trick individuals into accessing a malicious link and downloading malware onto devices.
Although many of the malicious ads inspected by Bitdefender researchers urged individuals to download the purported new version of the AI tool from Dropbox and Google Drive links – which is undoubtedly a huge red flag – the campaign impersonating Midjourney used a different approach.
Cybercriminals created over a dozen malicious websites mimicking the official Midjourney landing page to lure users into downloading the latest version of the service via a GoFile link.
Cybercriminals have created a highly engaging distribution system for malicious software through the Malware-as-a-service (MaaS) business model that enables any malicious individual to conduct sophisticated and cost-efficient attacks and other nefarious activities.
This includes stealing sensitive information, compromising online accounts, committing fraud, disrupting operations, or demanding ransom after encrypting data on a compromised system.
The malvertising campaigns analyzed by our researchers have been distributing an assortment of malicious software that poses severe risks to consumers’ devices, data and identity. Users who’ve interacted with the malware-serving ads could have unknowingly downloaded and deployed harmful files onto their devices: Rilide Stealer, Vidar Stealer, IceRAT (written in JPHP) and Nova Stealer.
Researchers at Bitdefender Labs have spotted an updated version of the Rilide Stealer (V4) in various sponsored ad campaigns impersonating AI-based software or photo editors including Sora, CapCut, Gemini AI, Photo Effects Pro and CapCut Pro.
The malware known as Rilide is a malicious extension that targets Chromium-based browsers, including Google Chrome, Opera, Brave and Microsoft Edge, and enables threat actors to monitor browsing history, capture login credentials, and even withdraw crypto funds by bypassing 2FA through script injections.
What’s new for Rilide V4:
Indicators of Compromise
Malicious hashes
The malicious application that poses as AI-related software (although it mixes references to different AI products and vendors, such as OpenAI, Sora, or Gemini, throughout its files) installs a browser extension that steals credentials, tokens, and cookies from Facebook accounts.
Folder contents:
New Folder #%d1
New Folder #%d2
nmmhkkegccagdldgiimedpic
install.cmd logo.ico
Microsoft.VisualC.Dll
OpenAI Sora official version setup.msi
System.Deployment.dll
System.Web.DynamicData.Design.dll
manifest.json:
content.js:
background.js: The file is too large and obfuscated to include it here. It appears to steal credentials, tokens, cookies, etc. It also contains multiple references to financial accounts/wallets.
ru.ps1
1. Attempts to stop the processes of the following browsers: Chrome, Edge and Brave
2. Opens the following URL: "hxxps://gemini[.]google[.]com/app" (to appear legitimate) using the three browsers (if they are installed), while also loading the malicious extension.
Opening "Gemini" appears intended to trick the user into believing a legitimate application has launched, while the real purpose is to use the extension to steal sensitive information from Facebook.
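As an added defender-side example (not code from Bitdefender's report), the following Python flags the behaviour attributed to ru.ps1 above in process telemetry: a browser stopped and then relaunched with an extension side-loaded from a user-writable folder. It assumes the extension is passed through the browsers' --load-extension switch and uses constructed, simplified Sysmon-style events rather than captured data.

```python
import re
from typing import Dict, List

BROWSERS = ("chrome.exe", "msedge.exe", "brave.exe")
# Directories a policy- or store-installed extension is unlikely to be loaded from.
SUSPICIOUS_ROOTS = (r"\appdata\local\temp", r"\downloads", r"\desktop", r"\users\public")
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed sample telemetry (Sysmon-style process create/terminate events, simplified).
# It mirrors the ru.ps1 sequence described above; it is not captured data from the campaign.
SAMPLE_EVENTS = [
    {"type": "terminate", "pid": 3001, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "cmdline": ""},
    {"type": "create", "pid": 4130, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"chrome.exe" --load-extension="C:\Users\u\AppData\Local\Temp\New Folder #1\nmmhkkegccagdldgiimedpic" https://gemini.google.com/app'},
    {"type": "create", "pid": 4140, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"chrome.exe" --profile-directory=Default https://gemini.google.com/app'},
    {"type": "create", "pid": 4150, "image": r"C:\Program Files\Microsoft\Edge\Application\msedge.exe",
     "cmdline": r'"msedge.exe" --load-extension=C:\Tools\dev-ext https://gemini.google.com/app'},
]

def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def sideloaded_extension_dirs(cmdline: str) -> List[str]:
    """Return every directory passed through --load-extension (the switch accepts a comma-separated list)."""
    m = LOAD_EXT_RE.search(cmdline)
    if not m:
        return []
    return [p.strip() for p in (m.group(1) or m.group(2)).split(",") if p.strip()]

def detect_sideloaded_extensions(events: List[Dict]) -> List[Dict]:
    """Flag browser launches that side-load an extension from a user-writable location.
    A preceding termination of the same browser raises the confidence, matching the
    stop-then-relaunch behaviour attributed to ru.ps1 above."""
    findings, killed = [], set()
    for ev in events:
        name = image_name(ev["image"])
        if name not in BROWSERS:
            continue
        if ev["type"] == "terminate":
            killed.add(name)
            continue
        for ext_dir in sideloaded_extension_dirs(ev["cmdline"]):
            if any(root in ext_dir.lower() for root in SUSPICIOUS_ROOTS):
                findings.append({"pid": ev["pid"], "browser": name,
                                 "extension_dir": ext_dir, "browser_killed_first": name in killed})
    return findings

if __name__ == "__main__":
    for finding in detect_sideloaded_extensions(SAMPLE_EVENTS):
        print(finding)
```

The developer-style launch from C:\Tools is deliberately left unflagged; tune SUSPICIOUS_ROOTS to the paths your fleet actually allows.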
install.cmd
XLSX files
The purpose of these files is unclear at the moment. They appear to contain Facebook account names alongside specific monetary information and more, as partially shown in the screenshots below:
88kus.xlsx
account_manager (20).xls
Indicators of Compromise
Vidar is another prolific infostealer sold by the same malware-as-a-service model through ads and forums on the dark web and Telegram groups. The stealer can exfiltrate personal information and crypto from compromised devices.
The distribution system of Vidar Stealer has evolved over the years, from traditional spam campaigns and cracked software to malicious Google Search ads. It is now making the rounds on social media, delivered through sponsored ads on Meta’s platform.
Indicators of Compromise
Malicious hashes
Despite its name, this malicious software operates more like a backdoor than a remote access Trojan on the compromised device. IceRAT infections act as a gateway for secondary infections such as crypto miners and information stealers that harvest login credentials and other sensitive information from victims.
Indicators of Compromise
Malicious hashes
A new entry on the threat landscape is Nova Stealer, an intrusive and highly proficient info stealer with numerous capabilities, including password exfiltration, screen recording, Discord injections, and crypto wallet hijacking, among others. The malicious payload is offered as Malware-as-a-Service by the threat actor, who goes by the handle Sordeal.
Indicators of Compromise
Malicious hashes
AI tools are all over the internet. Some are free, some offer free trials, and others run on a subscription plan. Enter Midjourney, one of the most prominent generative AI tools that lets users craft images from text inputs.
With a growing user base of over 16 million as of Nov. 2023, Midjourney has been a fan-favorite among cybercriminal gangs as well over the past year.
Since at least June 2023, cybercriminals have conducted massive ad campaigns impersonating the AI-powered art generator to serve malware to unsuspecting users.
Just a single Facebook page using the name Mid-Journey AI with a following of 1.2 million had an ad reach of over 500,000 individuals in Europe before being taken down on March 8, 2024.
Note: It’s unclear if Meta took down the impostor page following multiple reports by victims or official Midjourney developers.
The malicious page with 1.2 million followers appears to have been taken over on June 28, 2023, when the attackers changed the original name of the compromised Facebook profile page. The individuals managing the page were spread worldwide, according to our researchers’ analysis.
Before the demise of the impostor Midjourney page on Facebook, Bitdefender Labs had a chance to carefully inspect and catalog the malicious advertisement campaigns running through it.
At first glance, it appears that the cybercriminals behind the campaign invested time and resources to boost the popularity and reach of the malicious page, posting highly engaging content amplified by hundreds of likes and user comments. We cannot confirm whether all of the AI-generated images showcased in their ads were stolen from content creators and other official websites.
The threat actors went above and beyond to tailor their ads, showcasing their creative side with custom ads for France, Germany, and Spain that featured AI-reimagined images of national mascots.
Other ads attempt to lure users interested in the NFT marketplace with a chance to create NFT art and even monetize their generated images after minting their artwork through a blockchain.
Although the impostor page boasting over 1.2 million followers was recently shut down, our research has shown that cybercriminals acted quickly to set up a new page impersonating Midjourney between March 8-9, 2024. This page was also created by taking over another user’s Facebook account; that user commented in the review section of the page, warning others that the account had been hacked. Since we began our investigation, we have noticed an additional four Facebook pages attempting to impersonate Midjourney, some of which have also been removed from the platform.
The latest malicious page impersonating Midjourney appears to have been taken over by the attackers on March 18, when the cybercriminals changed the original name of the compromised Facebook page. As of March 26, the scam profile has 637,000 followers (as seen below).
MidJourney Fake Website
Indicators of Compromise
Malicious Domains
Info-stealer activity has risen sharply over the past couple of years, with cybercrooks propagating stealer attacks through email spam, legitimate-looking apps, Google search advertising and other schemes over social media.
The success of data stealers that exfiltrate sensitive information from web browsers, email, messaging apps, and even crypto wallets rests on the malware-as-a-service model, which allows even the most low-level cybercrook to conduct elaborate attacks.
An up-to-date, complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. Currently known indicators of compromise can be found in the dedicated list below: