Beware of fake AI tools masking a very real malware threat

Generative AI (GenAI) is rapidly gaining traction around the globe, attracting not only interest but also negative attention from cybercriminals who are now exploiting this technology for malicious purposes. While discussions primarily focus on the misuse of GenAI to create convincing phishing messages or malicious code, there is a growing trend of using GenAI applications as deceptive lures or Trojan horse mechanisms for delivering malware. A notable example involved a campaign that duped Facebook users into attempting to access a fake version of Google’s legitimate AI tool, “Bard,” which instead led to a malicious imitation.

These cyber threats are concerning and are likely to persist, compelling users to understand the tactics employed by cybercriminals, identify potential warning signs, and take necessary precautions to safeguard their identities and finances. The criminals utilize various strategies to trick users into unwittingly installing malware disguised as GenAI applications.

One prevalent method is the creation of phishing websites. In the latter half of 2023, reports indicated that ESET had thwarted over 650,000 access attempts to malicious domains containing terms like “chapgpt.” Victims are often directed to these sites through links on social media or unsuspecting email messages, where they may inadvertently download malware masquerading as GenAI software.

Another method involves malicious web browser extensions. ESET’s H1 2024 threat report highlighted a deceitful extension that users were tricked into installing through Facebook ads, which promised access to official sites for OpenAI’s Sora or Google’s Gemini. This extension, which presented itself as Google Translate, was actually an infostealer, “Rilide Stealer V4,” that aimed to gather Facebook credentials from users.

Furthermore, numerous fraudulent GenAI mobile applications have surfaced in mobile app stores, often embedded with malware aimed at stealing sensitive information. These fake apps typically promise advanced capabilities but instead bombard users with unsolicited ads or push in-app purchases for services that do not deliver on their promises.

Malicious advertising is another tool in the cybercriminal’s arsenal, exploiting the popularity of Generative AI to lead users astray. Many scams operate through compromised Facebook accounts or pages masquerading as official GenAI brands, running ads linking to counterfeit versions of widely recognized tools that deploy infostealer malware instead.

Cybercriminals rely on human psychology, utilizing social engineering tactics to manipulate users into clicking links or downloading malicious applications. Exploiting factors like urgency, curiosity, and the allure of free offers, these bad actors craft enticing narratives that prompt users to act without careful consideration.

As these schemes become more sophisticated, cybercriminals regularly update their tactics and payloads to avoid detection by security software, while ensuring their malicious content mimics the authentic appearance of GenAI offerings. The risks associated with downloading such malware can lead to severe consequences, including identity theft, financial loss, unauthorized access to personal data, and even targeted attacks on organizations through compromised credentials.

To mitigate the risks of falling victim to malicious GenAI lures, users can adopt several best practices. First, they should exclusively download applications from official app stores, which typically have stricter vetting processes. It is crucial to verify the developers behind apps and scrutinize user reviews before proceeding to download anything.

Users should be cautious when interacting with digital ads, especially on social media, by directly searching for apps rather than clicking on potentially harmful links. When considering browser extensions, thorough research on developers and reading reviews can protect against security risks, while comprehensive security software can offer real-time protection against various online threats.

Moreover, users should remain vigilant against phishing attempts by verifying the identities of senders and enabling multi-factor authentication (MFA) on online accounts to ensure the security of personal data. Keeping abreast of official channels regarding GenAI developments can help confirm the validity of offers before taking any action.

In conclusion, while GenAI has the potential to significantly impact various domains positively, users must remain cautious and informed to prevent malicious actors from compromising their safety and security.