Cybercriminals are capitalizing on the explosive growth of generative AI tools, deploying sophisticated campaigns that impersonate popular software like CapCut, Adobe Express, and Canva to distribute malware and hijack devices. Attackers leverage AI-generated deepfakes and fake “premium” tool offers to steal data or gain remote access to victims’ systems.

Recent campaigns mimic legitimate services, such as CapCut Pro or Adobe Express, to trick users into downloading malware-laden executables disguised as video editors or design software. For instance, a fraudulent site impersonating CapCut prompts users to upload files or enter prompts, only to deliver a remote access trojan (RAT) like AnyDesk or ConnectWise ScreenConnect instead of the promised AI tool. ESET told Cyber Security News that once installed, attackers gain full control over devices, enabling data theft, ransomware deployment, or credential harvesting. Meanwhile, fake Canva phishing sites use the platform’s branding to host credential-stealing login pages, exploiting its reputation as a trusted design tool.

A recent campaign involved fake social media ads promoting “CapCutProAI,” which redirected users to sites hosting malware designed to steal sensitive information, including login credentials, cryptocurrency wallets, and browser histories, often sold on dark web forums. Similarly, hijacked social media pages impersonating popular AI tools amassed large followings before being shut down, distributing malware through malicious download links. A malicious extension posing as Google Translate, promoted through social media ads for AI tools, delivered credential-stealing malware.

ESET warns that content creators are increasingly targeted through social media ads, phishing sites, and compromised platforms. In one scheme, creators received collaboration offers via email, only to be directed to malware disguised as editing tools. Attackers compromise channels to promote fake software tutorials or crypto scams, often using deepfake videos to mimic official content. Attackers also exploit AI voice-cloning tools to create convincing phishing messages, manipulating live calls to divert payments to fraudulent accounts.

Use advanced security tools capable of detecting AI-generated deepfakes and malicious executables.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 11:50:04 +0000