Cybercriminals Hijack AI Hype to Spread Malware in Deceptive Social Media Campaigns
In a disturbing trend uncovered by Bitdefender Labs, malicious actors are weaponizing the growing fascination with AI to spread sophisticated malware. These attackers are launching “malvertising” campaigns on social media, masquerading as popular AI services like Midjourney, DALL-E, and ChatGPT to trick unsuspecting users.
Bitdefender’s latest findings show AI’s capabilities being harnessed not for innovation but for deception. Cybercriminal groups have adeptly incorporated AI into their arsenal, enhancing their schemes to prey on unsuspecting users across social media platforms. From stream-jacking attacks on YouTube to audio deepfakes on Meta’s platforms, the scope of AI-powered illicit operations is vast and multifaceted.
The heart of the issue lies in sponsored malvertising campaigns that impersonate popular generative AI software like Midjourney, Sora AI, DALL-E 3, Evoto, and ChatGPT 5, among others. These campaigns cunningly mimic official pages, enticing users to download what they believe to be legitimate desktop versions of these AI tools. However, the endgame is far more sinister: the links lead to webpages that serve malware built to siphon off sensitive information from compromised systems, ranging from credentials to credit card and crypto wallet information.
Cybercriminals begin their campaigns by commandeering Facebook profiles, transforming them to appear as if they’re run by renowned AI-based image and video generators. Through a mix of news, AI-generated photos, and enticing ads, these pages gain legitimacy, effectively duping users into clicking malicious links. Notably, these operations have been particularly rampant across Europe, targeting countries like Germany, Poland, Italy, France, and Spain, among others.
One egregious example was a Facebook page impersonating Midjourney, which boasted 1.2 million followers and was active for nearly a year until its takedown on March 8, 2024. This particular campaign was designed to target male users aged 25 to 55, reaching approximately 500,000 individuals in Europe.
At the core of these campaigns are four notorious info stealers distributed through Malware-as-a-Service (MaaS): Rilide Stealer, Vidar Stealer, IceRAT, and Nova Stealer. These malicious tools represent a buffet of cybersecurity threats, enabling cybercrooks to conduct sophisticated and cost-efficient attacks. The updated Rilide Stealer V4, for instance, has been specifically engineered to target Chromium-based browsers, capturing login credentials and even circumventing two-factor authentication to raid crypto funds.
The rise in info-stealer activity underscores a critical vulnerability in our digital ecosystem. Cybercriminals have become adept at using every tool at their disposal, from email spam to seemingly legitimate apps and Google search advertising, to ensnare victims. The shift to using AI-powered software as the lure in malvertising campaigns represents a significant escalation in the sophistication of these threats.
How to Protect Yourself
- Verify Sources: Download software only from the official websites of trusted AI tools. Never click on links within ads, especially those promising free or heavily discounted versions.
- Scrutinize Social Media: Be wary of social media accounts that suddenly shift their focus to heavily promoting AI services. Look for verified badges and check for any inconsistencies.
- Keep Systems Updated: Always install the latest security patches for your operating system and browsers to close potential vulnerabilities.
- Robust Security Solutions: Invest in reliable antimalware software with real-time monitoring to block dangerous downloads and activity.