Criminal hackers hack these influencer channels to promote dangerous links. Hackers have started using AI-generated faces to spruce up their scam.
AI, the cybercriminal’s new weapon. Cybersecurity firm CloudSek released a report on March 13 detailing a YouTube scam campaign using artificial intelligence video generation tools. Artificially created faces promote scam sites.
The original process is not new: hackers send fake partnership proposals to YouTubers. In their emails, there is usually a PDF with allegedly the details of the contract or the product to be tested. The latter is only a decoy, intended to install an infostealer, a malicious software which infiltrates password managers. Once the hacker steals the codes and takes control of the YouTube channel, he begins to send a salvo of scam promotions. Most often these are scam links to download popular software such as Adobe Photoshop or Premiere.
However, hackers are innovating and starting to add “animators” generated by AI to give a little more legitimacy to their scheme. We searched for some of these videos. Just type “Adobe 2023 Crack” to see thousands of fraudulent content. When owners have several thousand followers, they are hacked influencers. The faces are generated by the two most popular services currently, Synthesia and Elai.
Unsophisticated attacks
To be honest, there is very little chance that an English speaker will fall into the trap. The publicity is immediately fishy. As for the voice, it is as natural as that of Daft Punk. The artificial puppet simply says ” discover this product for free by clicking on the link below “. On the other hand, it should be noted that the majority of Youtubers attacked are Asian or Latin American. Some have several hundred thousand subscribers. Cybercriminals would therefore be active in these regions.
CloudSEK saw a 200-300% increase from November to February in videos with links to stealer malware in the description section. ” Videos lure users with fake tutorials on how to download pirated versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other paid products says Pavan Karthick M, researcher at CloudSEK.
The most popular stealers would be Raccoon, RedLine and Vidar. These malwares are available for purchase or rental. Hackers seek to grab as much data as possible and then resell it on darknet marketplaces. While these attacks are not yet very sophisticated, they provide insight into the potential for AI to be exploited by cybercriminals.
Do you want to know everything about the mobility of tomorrow, from electric cars to pedelecs? Subscribe now to our Watt Else newsletter!