Fake AI Video Generators Stole Data From Windows, macOS

Security researchers have uncovered a new cybercrime campaign that uses fraudulent websites to distribute malware, Lumma Stealer and AMOS, on Windows and macOS devices, respectively (via BleepingComputer).

These malicious programs aim to steal cryptocurrency wallets and cookies, credentials, saved passwords, credit card details, and browsing histories from popular browsers like Google Chrome, Microsoft Edge, and Mozilla Firefox.

The stolen data is compiled into an archive and transmitted to the attackers, who may exploit it for additional cyberattacks or sell it on underground marketplaces.

According to cybersecurity expert g0njxa, the attackers promote fake websites impersonating an AI (artificial intelligence) video and image editor called EditPro through search engine results and advertisements on X (formerly Twitter).

Some of these ads feature deepfake political videos, such as President Biden and Trump enjoying ice cream together, to draw attention.

How The Campaign Works

When you click the images, you are taken to two websites, editproai[.]pro and editproai[.]org for the EditProAI application, which were created to push Windows and macOS malware, respectively.

These sites are designed to appear credible, featuring professional layouts and ubiquitous cookie banners.

However, clicking on the “Get Now” links will download malware-laden files that pose as the EditProAI application.

Windows file: “Edit-ProAI-Setup-newest_release.exe” [VirusTotal]

macOS file: “EditProAi_v.4.36.dmg” [VirusTotal]

The Windows malware is reportedly digitally signed using a stolen code-signing certificate from Softwareok.com, a legitimate freeware developer. Once downloaded, the malware transmits stolen data to a server located at “proai[.]club/panelgood/,” where attackers can retrieve it later, g0njxa says.

A report from AnyRun, a sandbox malware analysis service, confirmed that the Windows variant is Lumma Stealer.
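For defenders, the most useful part of the report is the set of indicators it names: the two lure domains, the C2 path on proai[.]club, and the two installer filenames. The following Python script is an added example, not code from the article or from g0njxa's research: it refangs those indicators and hunts for them in web-proxy logs, separating a mere visit to the lure site from a payload download and from a POST to the exfiltration path, since a host that reached the C2 path should be treated as already compromised. The log format and the sample lines are constructed assumptions.

```python
"""
Hunt for the EditProAI / Lumma Stealer indicators in web-proxy logs.
Added example (not from the article or the cited researcher). Indicators
are those the article lists; the log format and sample lines are constructed.
"""
import re
from dataclasses import dataclass

# Indicators exactly as the article lists them (defanged with [.]).
DEFANGED_DOMAINS = ["editproai[.]pro", "editproai[.]org", "proai[.]club"]
EXFIL_PATH = "/panelgood/"  # path on proai.club where stolen data is sent
LURE_FILENAMES = [
    "Edit-ProAI-Setup-newest_release.exe",  # Windows payload (Lumma Stealer)
    "EditProAi_v.4.36.dmg",                 # macOS payload (AMOS)
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'proai[.]club' into 'proai.club'."""
    return indicator.replace("[.]", ".")


DOMAINS = [refang(d) for d in DEFANGED_DOMAINS]

# Assumed proxy log format: timestamp, client IP, method, URL, HTTP status.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    kind: str   # "lure_domain", "exfil_c2", or "lure_file"
    value: str


def classify_url(url: str) -> list[tuple[str, str]]:
    """Return (kind, matched indicator) pairs for one URL; empty if clean."""
    host_match = re.match(r"^[a-z]+://([^/:]+)", url, re.IGNORECASE)
    if not host_match:
        return []
    host = host_match.group(1).lower()
    path = url[host_match.end():]
    findings = []
    for domain in DOMAINS:
        # Match the domain itself or any subdomain, never a suffix like notproai.club.
        if host == domain or host.endswith("." + domain):
            if domain == "proai.club" and path.startswith(EXFIL_PATH):
                findings.append(("exfil_c2", domain + EXFIL_PATH))
            else:
                findings.append(("lure_domain", domain))
    for name in LURE_FILENAMES:
        if path.lower().endswith("/" + name.lower()):
            findings.append(("lure_file", name))
    return findings


def scan_log_lines(lines):
    """Parse each line and collect every indicator match as a Hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format; skip rather than guess
        for kind, value in classify_url(m.group("url")):
            hits.append(Hit(n, m.group("client"), kind, value))
    return hits


def clients_to_triage(hits):
    """Clients that reached the C2 path: data has likely already left the host."""
    return sorted({h.client for h in hits if h.kind == "exfil_c2"})


# Constructed sample lines: a benign request, a lure-site visit, a payload
# download, an exfiltration POST, and a macOS payload download from another host.
SAMPLE_LOG = [
    "2024-11-20T10:01:02Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2024-11-20T10:02:15Z 10.0.0.5 GET https://editproai.pro/ 200",
    "2024-11-20T10:02:40Z 10.0.0.5 GET https://editproai.pro/download/Edit-ProAI-Setup-newest_release.exe 200",
    "2024-11-20T10:05:10Z 10.0.0.5 POST https://proai.club/panelgood/ 200",
    "2024-11-20T10:06:00Z 10.0.0.9 GET https://editproai.org/EditProAi_v.4.36.dmg 200",
]

if __name__ == "__main__":
    found = scan_log_lines(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("triage first:", clients_to_triage(found))
```

The three hit kinds are deliberately kept apart: a visit to the lure domain alone may be a user who never clicked “Get Now”, a download of one of the named installers means the payload reached the endpoint, and any request to the exfiltration path means credentials and wallet data should be assumed stolen, which is where the password-reset advice later in the article applies first.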

Potential Impact On Users

Those users who have installed these malicious tools in the past are at significant risk of compromise and are advised to reset their passwords immediately, using a unique password for every site they visit.

It is recommended that users enable multi-factor authentication for sensitive accounts, such as email services, online banking, and cryptocurrency platforms.

Additionally, one should be vigilant when downloading software, especially from unfamiliar sources, to avoid falling victim to these evolving threats.

Kavita Iyer, https://www.techworm.net