
Cybercriminals are now exploiting the surge in AI interest by pushing fake "AI video generator" tools through malicious ads on platforms like Facebook and LinkedIn.
Researchers at Mandiant have identified a widespread campaign, active since November 2024, utilizing over 30 phishing websites designed to mimic legitimate tools such as Luma AI, Canva Dream Lab, and Kling AI.
These deceptive tools are engineered to deliver malware, including potent information stealers and backdoors.
Users are tricked into downloading malicious executables, thinking they are installing AI video generators.
To evade detection, the attackers constantly rotate their domains and create new ads daily, often leveraging compromised or freshly created social media accounts to propagate the threat.
Upon initial infection, victims unknowingly install the Starkveil dropper (Trojan.Crypt).
This malware cleverly feigns a malfunction, prompting users to run it a second time, which then completes the system compromise.
Following this, it deploys XWorm, Frostrift, and GRIMPULL malware, designed to steal sensitive data and establish persistent remote access to the compromised device.
How to Protect Yourself:
• Avoid Suspicious Links: Do not click on AI tool links found in social media ads or comments.
• Official Sources Only: Always download AI software exclusively from verified, official websites.
• No Unofficial Executables: Never download executable files from unofficial or untrusted sites.
• Utilize Security Software: Ensure your antivirus and web protection tools are always up to date.
• Be Skeptical: Distrust urgent offers, demands for crypto payments, or suspicious-looking URLs.
Staying cautious and well-informed is crucial as these sophisticated scams specifically target users eager to explore cutting-edge AI technologies.