AI tools like Midjourney, ChatGPT-5 and DALL-E can be a game changer when it comes to creating content but unfortunately, many of them are locked behind subscriptions or only available in limited access.
There’s nothing hackers love more than something in short supply and according to a new report from Bitdefender, they’ve devised a complex way to use these tools — and access to them — to infect unsuspecting users with info-stealing malware.
Just like with other online scams, this one starts on Facebook before potential victims are led to a malicious site controlled by the hackers behind this campaign. From there, malicious ads are then used to infect those with an interest in AI with all sorts of dangerous malware.
While this campaign has primarily targeted European users so far, it could be retooled to go after those searching for AI tools on Facebook in other countries too. Here’s everything you need to know about how hackers are leveraging the popularity of AI tools in their attacks along with some tips on how you can stay safe from info-stealing malware.
From account takeover to malvertising
This malicious campaign begins with the hackers behind taking over existing Facebook accounts. This is a common tactic used by cybercriminals since they can use an account or page’s existing reputation and followers for their own gains.
Once an account is compromised, the hackers then give it an AI-themed makeover with new cover and profile photos as well as descriptions to make it appear as if it is run by one of the well-known AI image and video generator companies. From here, they then try to boost the page’s legitimacy with news, AI-generated photos and advertisements to further impersonate whichever AI image generator or video generator service they want to leverage in their attacks. They also add links that unsuspecting users might click on to get free access or a free trial to this particular AI tool. The end goal of all of this is to trick users into clicking on a link to a malicious site where malware will be downloaded onto their devices.
During their investigation, Bitdefender’s security researchers found that the hackers responsible used a much different approach with Midjourney. For other AI tools, they urged visitors to download the latest versions from Dropbox or Google Drive but with Midjourney, they created more than a dozen malicious sites that impersonated the tool’s actual landing page. These sites then tried to trick visitors into downloading the latest version of the tool via a GoFile link.
Using malicious ads to distribute infostealers
There’s one thing that all of the info-stealing malware distributed in this campaign has in common, they all use a malware-as-a-service business model. For those unfamiliar, these types of malware strains are developed by cybercriminals and then purchased by other hackers to use in their attacks as subscriptions. Yes, even hackers are inundated with subscription services too. In total, we’re dealing with four different info-stealing malware strains here which include Rilide, Vidar, ICERAT and Nova.
Bitdefender’s security researchers observed that a new version of the Rilide Stealer was used in a number of sponsored ad campaigns that impersonated AI tools and photo editors including Sora, CapCut, Gemini AI, Photo Effects Pro and CApCut Pro. This malware is a malicious extension posing as a Google Translate extension that targets Chromium-based browsers like Chrome, Edge, Brave and Opera to monitor a victim’s browsing history, harvest their login credentials and even steal cryptocurrency by getting around two-factor authentication (2FA).
Of these multiple campaigns impersonating AI tools, the one involving Midjourney was the most successful and remained active the longest. As BleepingComputer points out, a Facebook page impersonating Midjourney managed to attract 1.2 million followers and remained active for almost a year before being taken down. This fake page has since been shut down by Meta though.
How to stay safe from info-stealing malware
Just like when downloading free apps on official app stores, you need to be careful when it comes to trying new AI tools. For instance, there isn’t a desktop version of Midjourney yet but that didn’t stop the hackers behind this campaign from advertising one online.
We saw similar tactics used with fake ChatGPT apps back when OpenAI’s chatbot wasn’t open to everyone yet. Hackers would trick unsuspecting users with quick access and a chance to jump the queue, only to infect them with malware.
For this reason, it’s best to go to an AI tools’ official page and do plenty of research before installing anything. A quick online search will let you know whether or not an AI image generator or other tool has a desktop version or a mobile app. Anyone claiming something different is most likely a hacker trying to trick you.
At the same time, you want to avoid clicking on ads no matter how legitimate they may appear at first glance. It’s easy for hackers to buy advertising space and run malicious ads online which is why I personally recommend you don’t click on any ads. If you do see a promotion about a product you’re interested in, just head to that company’s page where you’ll likely find it at the same sale price.
When it comes to protecting yourself, you should be using the best antivirus software with your PC, the best Mac antivirus software with your Apple computer and one of the best Android antivirus apps with your Android phone. There’s no equivalent of the last one for the best iPhones but Intego’s Mac antivirus software can scan an iPhone or iPad for malware but only when it’s connected via USB to a Mac.
Another helpful tool to identify scams is Bitdefender’s own Scamio. This AI-powered scam detector can tell you everything you need to know about whether an email, message or website is actually a scam and you can upload suspicious links, screenshots or even QR codes to the service for evaluation.
The methods hackers use in their attacks and human nature go hand in hand as they often try to exploit our emotions or desire to be the first to try something new. However, by being patient and careful online, you can avoid having your devices infected with malware and your personal data stolen.