Fake AI video generators are being used to hack Windows and macOS devices


  • Security researchers discover ad campaign for a piece of fake software
  • Software was advertised as an AI-powered photo and video editor
  • In reality, it was distributing the AMOS and Lumma Stealer malware

Hackers are hiding infostealers and other malware behind fake AI-powered photo and video editors, experts have claimed.

A cybersecurity researcher known as g0njxa found a social media advertising campaign promoting the malware. The lure posed as a fake editor called EditPro, backed by an accompanying website, editproai[dot]pro.

To draw clicks, the attackers created deepfake videos of Presidents Trump and Biden enjoying ice cream together and used them in ads posted on social media sites such as X. The fake editor was offered for both Windows and macOS, but anyone who falls for the trick and downloads the program ends up installing either Lumma Stealer (on Windows) or AMOS (on macOS).
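The one hard indicator the article gives defenders is the campaign domain. The following is an added example, not code from the article or from the researcher: it refangs the defanged domain and hunts for it in DNS query logs, matching the bare domain and its subdomains while ignoring look-alike names that merely end in the same string. The log line shape (timestamp, client IP, "query", queried name) and the log lines themselves are constructed for the example and are not a real product's format.

```python
import re

# Indicator taken from the article, kept defanged so it is not a live link.
DEFANGED_DOMAIN = "editproai[dot]pro"

# Constructed sample DNS query log (assumed format: "<ts> <client> query <qname>").
# These lines are made up for the example; they are not real telemetry.
SAMPLE_DNS_LOG = """\
2024-11-20T09:12:01Z 10.0.4.17 query www.example.com
2024-11-20T09:12:44Z 10.0.4.23 query editproai.pro
2024-11-20T09:13:02Z 10.0.4.23 query cdn.editproai.pro
2024-11-20T09:13:10Z 10.0.4.31 query noteditproai.pro
2024-11-20T09:14:55Z 10.0.4.17 query EDITPROAI.PRO.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def refang(indicator: str) -> str:
    """Turn a defanged indicator (editproai[dot]pro, hxxp://...) into a matchable hostname."""
    return (
        indicator.replace("[dot]", ".")
        .replace("[.]", ".")
        .replace("hxxp", "http")
        .lower()
        .strip(".")
    )


def matches_indicator(qname: str, indicator: str) -> bool:
    """True if qname is the indicator domain or a subdomain of it.

    The leading dot in the suffix check is deliberate: it stops
    'noteditproai.pro' from matching 'editproai.pro'.
    """
    q = qname.lower().rstrip(".")  # DNS logs often carry a trailing root dot
    return q == indicator or q.endswith("." + indicator)


def find_hits(log_text: str, defanged_indicator: str = DEFANGED_DOMAIN):
    """Return (timestamp, client, qname) for every query that touched the indicator."""
    indicator = refang(defanged_indicator)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash a hunt
        if matches_indicator(m["qname"], indicator):
            hits.append((m["ts"], m["client"], m["qname"]))
    return hits


def affected_clients(log_text: str, defanged_indicator: str = DEFANGED_DOMAIN):
    """Sorted, de-duplicated list of client IPs that resolved the campaign domain."""
    return sorted({client for _, client, _ in find_hits(log_text, defanged_indicator)})


if __name__ == "__main__":
    for ts, client, qname in find_hits(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {qname}")
    print("hosts to triage:", affected_clients(SAMPLE_DNS_LOG))
```

Any host on the returned list should be treated as a candidate infection and handled with the remediation steps described later in the article, not merely blocked at the resolver. A resolver-level block of the domain is still worthwhile, since the stealer's download and initial beacon both depend on it.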

Lumma and AMOS

Lumma Stealer is a malware-as-a-service (MaaS) tool designed to steal sensitive information, including login credentials, cookies, browsing history, credit card data, and cryptocurrency wallet details.

The malware uses techniques such as process injection and encrypted communication with its command-and-control servers, which makes it harder to detect and block. It has been active since 2022, with frequent updates to its evasion and data theft capabilities.

AMOS, short for Atomic macOS Stealer, is the macOS counterpart: an infostealer, also sold as malware-as-a-service, that harvests Keychain passwords, browser-stored credentials and cookies, and cryptocurrency wallet data from an infected Mac and sends it to its operators' command-and-control server.

Because both families are rented out to affiliates, the people running the EditPro ads need little technical skill of their own; the malware authors handle the stealing and the exfiltration.

If you downloaded the fake EditPro software, assume that every password and other piece of sensitive information stored on the device is compromised. Remove all traces of the malware first (a clean reinstall is the safest option), then change all passwords from a device you trust. Because these stealers also take session cookies, sign out of all active sessions on your important accounts so that stolen cookies cannot be replayed. Enable 2FA wherever possible, and move cryptocurrency and NFTs to a new wallet with a new seed phrase, since a seed phrase that was ever on the infected machine can no longer be trusted.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.