CyberSecurity news
FlagThis
djohnson@CyberScoop
//
Mandiant, in collaboration with Google Cloud, has uncovered a cybercriminal campaign exploiting public interest in AI video generation. A group tracked as UNC6032, believed to be based in Vietnam, is spreading malware through fake advertisements, websites, and social media posts that promise access to popular prompt-to-video AI tools like Luma AI, Canva Dream Lab, and Kling AI. These malicious campaigns are designed to trick users into downloading infostealers and backdoors, compromising their devices and data.
UNC6032 has successfully reached millions of users across various social media platforms, including Facebook and LinkedIn, with thousands of malicious ads. These advertisements lure victims to phishing pages disguised as legitimate AI video generators. When users click on the "Start Free Now" button, they are led through a bogus video generation interface. After watching a fake loading bar, the site delivers a ZIP file containing malware. Once executed, this malware backdoors the victim's device and steals sensitive information.
Compromised users have experienced the theft of login credentials, cookies, credit card data, and even Facebook information. Mandiant's research indicates that this scheme impacts a wide range of industries and geographic areas. Researchers caution users to be wary of advertisements promising free access to premium software and to verify the legitimacy of video sources before running any PowerShell scripts or downloading files from unknown URLs.
References :
UNC6032 has successfully reached millions of users across various social media platforms, including Facebook and LinkedIn, with thousands of malicious ads. These advertisements lure victims to phishing pages disguised as legitimate AI video generators. When users click on the "Start Free Now" button, they are led through a bogus video generation interface. After watching a fake loading bar, the site delivers a ZIP file containing malware. Once executed, this malware backdoors the victim's device and steals sensitive information.
Compromised users have experienced the theft of login credentials, cookies, credit card data, and even Facebook information. Mandiant's research indicates that this scheme impacts a wide range of industries and geographic areas. Researchers caution users to be wary of advertisements promising free access to premium software and to verify the legitimacy of video sources before running any PowerShell scripts or downloading files from unknown URLs.
Share:
References :
- cyberscoop.com: Mandiant flags fake AI video generators laced with malware
- PCMag UK security: Warning AI-Generated TikTok Videos Want to Trick You Into Installing Malware
- Threats | CyberScoop: Mandiant flags fake AI video generators laced with malware
- cloud.google.com: Google Mandiant Threat Defense investigates a UNC6032 campaign that exploits interest in AI tools. UNC6032 utilizes fake “AI video generator†websites to deliver malware leading to the deployment of Python-based infostealers and several backdoors.
- Malwarebytes: Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware
- hackread.com: Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers
- www.techradar.com: Millions of users could fall for fake Facebook ad for a text-to-AI-video tool that is just malware