Source |
Techworm |
Identifier |
8630530 |
Publication date |
2024-11-17 19:30:10 (viewed: 2024-12-27 09:08:19) |
Titre |
Fake AI Video Generators Stole Data From Windows, macOS |
Text |
Security researchers have uncovered a new cybercrime campaign that uses fraudulent websites to distribute malware, Lumma Stealer and AMOS, on Windows and macOS devices, respectively (via BleepingComputer).
These malicious programs aim to steal cryptocurrency wallets and cookies, credentials, saved passwords, credit card details, and browsing histories from popular browsers like Google Chrome, Microsoft Edge, and Mozilla Firefox.
The stolen data is compiled into an archive and transmitted to the attackers, who may exploit it for additional cyberattacks or sell it on underground marketplaces.
According to cybersecurity expert g0njxa, the attackers promote fake websites impersonating an AI (artificial intelligence) video and image editor called EditPro through search engine results and advertisements on X (formerly Twitter).
Some of these ads feature deepfake political videos, such as President Biden and Trump enjoying ice cream together, to draw attention.
How The Campaign Works
When you click the images, you are taken to one of two websites, editproai[.]pro and editproai[.]org, for the EditProAI application, which were created to push Windows and macOS malware, respectively.
These sites are designed to appear credible, featuring professional layouts and ubiquitous cookie banners.
However, clicking on the “Get Now” links downloads malware-laden files posing as the EditProAI application.
Windows file: “Edit-ProAI-Setup-newest_release.exe” [VirusTotal]
macOS file: “EditProAi_v.4.36.dmg” [VirusTotal]
The Windows malware is reportedly digitally signed using a stolen code-signing certificate from Softwareok.com, a legitimate freeware developer. Once downloaded, the malware transmits stolen data to a server located at “proai[.]club/panelgood/,” where attackers can retrieve it later, g0njxa says.
A report from AnyRun, a sandbox malware analysis service, confirmed that the Windows variant is Lumma Stealer.
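The indicators above (the two lure domains, the two payload filenames and the proai[.]club/panelgood/ exfiltration path) are the kind a defender would sweep proxy or DNS logs for. The script below is an added example, not code from the article, Techworm, or the researchers cited; it refangs the published indicators, matches on the hostname (exact or subdomain, never a URL substring) and separates "downloaded the installer" from "posted data to the exfiltration endpoint". The log format and all log lines are constructed for the example.

```python
import re
from typing import Iterable
from urllib.parse import urlsplit

# Indicators quoted in the article, kept defanged ("[.]") as published.
DEFANGED_DOMAINS = ["editproai[.]pro", "editproai[.]org", "proai[.]club"]
PAYLOAD_FILENAMES = ["Edit-ProAI-Setup-newest_release.exe", "EditProAi_v.4.36.dmg"]
EXFIL_PATH_PREFIX = "/panelgood/"  # path on proai[.]club that receives the stolen archive


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'proai[.]club' back into 'proai.club'."""
    return indicator.replace("[.]", ".")


DOMAINS = [refang(d) for d in DEFANGED_DOMAINS]


def host_matches(host: str, domain: str) -> bool:
    """Match on the hostname itself (exact or subdomain), not on a substring of the URL."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


# Assumed (constructed) proxy-log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines: Iterable[str]) -> list[dict]:
    """Return one hit per request whose hostname matches a campaign domain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        parts = urlsplit(m.group("url"))
        host = parts.hostname or ""
        matched = next((d for d in DOMAINS if host_matches(host, d)), None)
        if matched is None:
            continue
        filename = parts.path.rsplit("/", 1)[-1]
        hits.append({
            "ts": m.group("ts"),
            "client": m.group("client"),
            "host": host,
            "indicator": matched,
            # fetched one of the two known installer names
            "payload_download": filename in PAYLOAD_FILENAMES,
            # sent data to the panel path the article names as the drop point
            "exfil": m.group("method") == "POST" and parts.path.startswith(EXFIL_PATH_PREFIX),
        })
    return hits


def likely_compromised(hits: list[dict]) -> set[str]:
    """Clients seen posting to the exfiltration endpoint: treat as compromised, not merely exposed."""
    return {h["client"] for h in hits if h["exfil"]}


# Constructed sample log: one host visits the lure, downloads the installer and exfiltrates;
# a second host only visits a page whose path *contains* the domain string (must not match);
# a third host fetches the macOS image from a subdomain (must match).
SAMPLE_LOG = """\
2024-11-17T19:31:02Z 10.0.0.12 GET https://editproai.pro/ 200
2024-11-17T19:31:09Z 10.0.0.12 GET https://editproai.pro/download/Edit-ProAI-Setup-newest_release.exe 200
2024-11-17T19:34:41Z 10.0.0.12 POST https://proai.club/panelgood/ 200
2024-11-17T19:35:00Z 10.0.0.25 GET https://www.example.com/editproai.pro.html 200
2024-11-17T19:36:12Z 10.0.0.31 GET https://cdn.editproai.org/EditProAi_v.4.36.dmg 200
"""

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(h)
    print("reset credentials for:", sorted(likely_compromised(found)))
```

Matching on the parsed hostname rather than on the raw URL text keeps a page that merely mentions "editproai.pro" in its path from raising an alert, while a subdomain of a lure domain still does. Only a POST to the panel path marks a client as compromised; a download alone means the installer reached the machine and the endpoint should be checked before any password reset is trusted.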
Potential Impact On Users
Users who have installed these malicious tools in the past are at significant risk of compromise and are advised to reset their passwords immediately, using a unique password for every site they have visited.
It is recommended that users enable multi-factor authentication for sensitive accounts, such as email services, online banking, and cryptocurrency platforms.
Additionally, one should be vigilant when downloading software, especially from unfamiliar sources, to avoid falling victim to these evolving threats.
Notes |
★★
|
Sent |
Yes |
Tags |
Malware
Tool
Threat
|