Passwords, financial info and other stolen data from this fake AI tool is sent right back to hackers
Threat actors have been using links to fake AI image and video generators to steal login credentials and browsing history from infected Windows PCs and Macs
As reported by BleepingComputer and first discovered by cybersecurity researcher gonjxa on X, these fake apps are being spread through both search results and ads on the social media platform showing political deepfakes. The malicious links they contain lead to very professional appearing websites purporting to be for the fake AI image and video editing software application EditProAi.
Though it feels legitimate and even looks so at first glance, the download link for this fake AI app actually contains malware, namely the Windows variant of Lumma Stealer on PC and the macOS version of AMOS on Apple computers.
The malware itself attacks Chromium-based browsers to steal credentials, passwords, credit cards, cookies and browsing history, as well as cryptocurrency. Google Chrome, Microsoft Edge, Mozilla Firefox, Opera and Samsung Internet are all among the affected browsers.
Data is then archived and sent back to the attackers where it can be sold on the dark web or used in further attacks. The PC malware used in this campaign leverages a stolen code signing certificate from the freeware utility developer Softwareok.com to help it bypass Microsoft's built-in defenses.
If you've downloaded and installed this program, all of your authentications, saved passwords and crypto wallets should be considered compromised. Every site you visited after installing it should have its password reset with a strong, unique password. Likewise, any online banking or email services you visited with it installed on your computer need to be secured by using 2FA or multi-factor authentication if you haven't done so already.
It's been said before but it bears repeating: you can never be too safe online. Whether it's a new game or an AI image generator, if something seems too good to be true, it almost certainly is. That's why you want to stick with known sites, services and in this case, AI tools like the ones on our list of the best AI image generators.
You also obviously will want to have strong protection against viruses on your Mac or PC, so make sure you have the best antivirus software on your PC and the best Mac antivirus software on your Apple computer. This ensures that malware is detected and blocked from infecting your machine which prevents your sensitive personal and financial data from being stolen by hackers in the first place.
At the same time, you want to stick to known sites and services with a good reputation and background, when in doubt, use Google or another reputable search engine for background information and reviews. And for the love of Dolly Parton, don't just click on any link from social media or share your personal info all over the internet. If you do, you're just asking for trouble and you could even end up becoming a victim of identity theft.