Hackers used a fake AI Midjourney Facebook page to promote malware to 1.2 million people.
ChatGPT, Gemini, Midjourney or Sora are all content generators using artificial intelligence that are often accessible free of charge, although some of them require payment, either for access to basic functions or for options. It is precisely this free access, much sought after by users, that serves as bait for hackers to trap their victims. This is reported by Bitdefender, known for its eponymous antivirus software, which details how hackers are exploiting the growing popularity of AI tools and social media to distribute malware to large audiences by luring them with free trials.
The modus operandi remains similar: take control of a Facebook page, preferably with a large number of followers, then transform it to resemble the official account of an AI service. Whether it is ChatGPT, Sora, Gemini or others, almost all are targeted, as Clubic had already reported in 2023. Among these fake pages, that of Midjourney, which allows images to be generated from text, recently stood out.
Midjourney’s fake Facebook page with 1.2 million subscribers
Hackers are actively exploiting Meta’s sponsored advertising system to distribute malware. They start by taking over existing Facebook accounts, then modify information and images to make the page appear to be run by reputable AI tools. Then, they build the credibility of the page by posting AI-generated news and photos, as well as ads promising service improvements and links to free trials or upgraded versions. The aim is to trick users into clicking on malicious links and downloading malware to their devices. Although many ads encourage downloading from Dropbox or Google Drive, Midjourney’s campaign uses a different strategy.
In June 2023, a fake page called Mid-Journey AI was created on Facebook based on a hacked existing profile. Hackers published AI-generated images and posts advertising a version of the tool to install on one’s computer.
In all cases, a link is provided. Clicking on it leads to one of several fake web pages imitating the Midjourney site. There, another link offers to retrieve the tool, except that it triggers the download of malware. The fake Facebook page remained online until March 8, 2024 and had 1.2 million followers.
4 infostealers on the hackers’ menu: Rilide Stealer, Vidar Stealer, IceRAT and Nova Stealer
Cybercriminals have established a very attractive malware distribution system thanks to the “Malware-as-a-Service” (MaaS) business model, which allows any malicious individual to carry out several attacks at once and multiply fraud.
These activities include stealing sensitive information, compromising online accounts, committing fraud, disrupting operations, or demanding a ransom after encrypting data on a compromised system.
The malicious ad campaigns analyzed by Bitdefender researchers spread various malware posing serious risks to users’ devices, data, and identities. Users who interacted with these malware-delivering ads may have unwittingly downloaded and installed harmful files on their devices: Rilide Stealer, Vidar Stealer, IceRAT (written in JPHP), and Nova Stealer.
The sponsored posts targeted men between 25 and 55 years old in several European countries, including France. It’s hard to say how many actually downloaded the malware. What is certain is that the hackers have already recreated a new page pretending to be Midjourney. On March 26, it already had 637,000 subscribers.
Source: Bitdefender