Threat Actors Attacking Content Creators With Fake AI Tools to Hijack Their Devices

A recent campaign involved fake social media ads promoting “CapCutProAI,” which redirected users to sites hosting malware designed to steal sensitive information, including login credentials, cryptocurrency wallets, and browser histories, often sold on dark web forums. Similarly, hijacked social media pages impersonating popular AI tools amassed large followings before being shut down, distributing malware through malicious download links.

Cybercriminals are capitalizing on the explosive growth of generative AI tools, deploying sophisticated campaigns that impersonate popular software like CapCut, Adobe Express, and Canva to distribute malware and hijack devices. ESET told Cyber Security News that once the malware is installed, attackers gain full control over devices, enabling data theft, ransomware deployment, or credential harvesting.

A malicious extension posing as Google Translate, promoted through social media ads for AI tools, delivered credential-stealing malware. ESET warns that content creators are increasingly targeted through social media ads, phishing sites, and compromised platforms. Recent campaigns mimic legitimate services, such as CapCut Pro or Adobe Express, to trick users into downloading malware-laden executables disguised as video editors or design software. Attackers leverage AI-generated deepfakes and fake “premium” tool offers to steal data or gain remote access to victims’ systems.

Attackers compromise channels to promote fake software tutorials or crypto scams, often using deepfake videos to mimic official content. Meanwhile, fake Canva phishing sites use the platform’s branding to host credential-stealing login pages, exploiting its reputation as a trusted design tool. For instance, a fraudulent site impersonating CapCut prompts users to upload files or enter prompts, only to deliver a remote access trojan (RAT) like AnyDesk or ConnectWise ScreenConnect instead of the promised AI tool.

In one scheme, creators received collaboration offers via email, only to be directed to malware disguised as editing tools. Attackers also exploit AI voice-cloning tools to create convincing phishing messages, manipulating live calls to divert payments to fraudulent accounts. Use advanced security tools capable of detecting AI-generated deepfakes and malicious executables.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 11:50:04 +0000

