Hackers are reportedly using a new tactic to promote fake AI services like OpenAI’s Sora, DALL-E and Midjourney. Riding on the AI bandwagon, threat actors are using Facebook’s Sponsored ad system to lure unsuspecting users and infect their systems with password-stealing malware. These malicious advertising campaigns involve hijacking existing Facebook pages to impersonate popular AI services and claiming to offer a sneak peek of upcoming features.
Users who click on these ads are asked to join Facebook communities, where hackers share news and AI-generated pictures to make the communities look legitimate. Hackers then make community posts claiming to offer limited-time access to upcoming AI services. These fake community posts contain links to Windows executables that carry malware like Rilide, Nova, Vidar and IceRAT.
For those not in the know, these malware families are known for stealing sensitive information like stored credentials, cryptocurrency wallet information, autocomplete data, credit card information and cookies. This information is then either sold on the dark web or used by the attackers themselves to steal money or to use the compromised accounts to promote more scams.
While most of these fake Facebook pages have thousands of members, according to researchers at Bitdefender, a Facebook page that impersonated the popular AI-powered text-to-image generator Midjourney had more than 1.2 million followers. The researchers suggest the page was active for around a year before it was disabled by Meta.
Instead of creating new pages, hackers often resort to hijacking existing pages. Many posts on these pages contained links to download the desktop version of Midjourney. For those not in the loop, Midjourney is a cloud-based AI service that can only be accessed via the official Discord channel.
Some posts also claim that users can create NFTs with Midjourney and that they can monetise these art creations. In the case of the fake Midjourney page, Bitdefender researchers noted that these packages were distributed via a legitimate-looking website that cloned the official Midjourney landing page.
While Meta has now taken down the page, hackers have already hijacked new pages, some of which have more than 6,00,000 members. Cybercriminals have been engaging in fraudulent ad campaigns that impersonate popular AI services since June 2023.
How to stay safe from such scams
Popular AI services like Midjourney, ChatGPT, Sora and DALL-E are only available online and have no desktop version, so if you come across a post that lets you download these tools, chances are pretty high it’s fake.
Avoid opening unknown and suspicious-looking links or pop-ups, and avoid downloading files from untrusted sources. If you think a virus has infected your system, consider installing an anti-virus solution and enabling two-factor authentication to prevent threat actors from accessing your online accounts.