The Lumma stealer malware campaign has adopted a new infection tactic that uses fake AI image and video generator software solutions.
Based on reports, this campaign targets both Windows and macOS and steals information such as credentials and cryptocurrency wallets. The Windows payload is Lumma Stealer, an infostealer rather than a self-replicating virus; the macOS payload is AMOS (Atomic macOS Stealer).
The researchers noted that AMOS and Lumma both steal cryptocurrency wallets, cookies, saved credentials and passwords, credit card data, and browsing history from Google Chrome, Edge, and Firefox.
Both stealers package the stolen data into an archive and exfiltrate it to an attacker-controlled server. The threat actors can then use it in follow-on attacks or sell it on the dark web.
Lumma stealer spreads via bogus AI picture generators.
According to the investigation, the threat actors behind the Lumma stealer campaign built fake websites for an AI video and image editor branded EditProAI.
The operators promote these sites with sponsored posts on channels such as X, using lures like deepfake political videos (for example, Presidents Biden and Trump sharing ice cream) to attract users.
Clicking the images sends the user to the fake EditProAI sites: editproai[.]pro serves the Windows malware and editproai[.]org the macOS malware. The "Get Now" buttons download an executable disguised as the EditProAI application.
The researchers also stated that the malware sends stolen data to a panel at "proai[.]club/panelgood/", where the threat actors can retrieve it. A separate sandbox analysis of the Windows executable identified it as Lumma Stealer.
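An added example, not code from the original report or from the researchers it cites: a small Python scanner that refangs the three indicators quoted above and checks DNS and proxy log lines against them. The log formats, sample lines, client IPs and timestamps are constructed for the example and are not observed telemetry; any real deployment would adapt the two regexes to the local log schema.

```python
"""Added example: scan DNS and proxy log lines for the EditProAI / Lumma
indicators named in the article. The log formats below are constructed for
this example and are not any vendor's real format."""
import re
from typing import Dict, Iterable, List, Tuple
from urllib.parse import urlsplit

# Indicators as published in the article, kept defanged with "[.]".
DEFANGED_IOCS: Dict[str, str] = {
    "editproai[.]pro": "EditProAI lure site serving the Windows payload",
    "editproai[.]org": "EditProAI lure site serving the macOS payload",
    "proai[.]club/panelgood/": "stolen-data panel",
}


def refang(indicator: str) -> str:
    """Undo the defanging used in reports: 'a[.]b' -> 'a.b', 'hxxp' -> 'http'."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def split_indicator(indicator: str) -> Tuple[str, str]:
    """Return (host, path) for a refanged indicator; path is '' for bare hosts."""
    host, sep, path = refang(indicator).lower().partition("/")
    return host, (sep + path) if sep else ""


def host_matches(observed: str, ioc_host: str) -> bool:
    """True for the exact host or any subdomain of it (cdn.editproai.pro counts)."""
    observed = observed.lower().rstrip(".")
    return observed == ioc_host or observed.endswith("." + ioc_host)


# Constructed (assumed) log shapes for this example:
#   <ts> dns client=<ip> query=<fqdn> type=<rrtype>
#   <ts> proxy client=<ip> method=<verb> url=<url> status=<code>
DNS_RE = re.compile(r"^(?P<ts>\S+) dns client=(?P<client>\S+) query=(?P<name>\S+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) proxy client=(?P<client>\S+) method=\S+ url=(?P<url>\S+)")


def scan_logs(lines: Iterable[str]) -> List[dict]:
    """Return one hit dict per (log line, indicator) match.

    DNS lines match on host alone: a lookup of the panel's domain is
    suspicious even without the path. Proxy lines must also match the path
    prefix when the indicator carries one, so unrelated paths on the same
    host are not flagged.
    """
    parsed = [(split_indicator(raw), raw, desc) for raw, desc in DEFANGED_IOCS.items()]
    hits: List[dict] = []
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            for (ioc_host, _path), raw, desc in parsed:
                if host_matches(m["name"], ioc_host):
                    hits.append({"ts": m["ts"], "client": m["client"],
                                 "observed": m["name"], "ioc": raw, "desc": desc})
            continue
        m = PROXY_RE.match(line)
        if m:
            parts = urlsplit(m["url"])
            for (ioc_host, ioc_path), raw, desc in parsed:
                if host_matches(parts.hostname or "", ioc_host) and parts.path.startswith(ioc_path):
                    hits.append({"ts": m["ts"], "client": m["client"],
                                 "observed": m["url"], "ioc": raw, "desc": desc})
    return hits


# Constructed sample lines (not real telemetry): two true hits on the Windows
# lure site, a subdomain hit on the macOS lure site, a benign look-alike
# domain, the panel path, and an unrelated path on the panel host.
SAMPLE_LOGS = [
    "2024-11-20T10:01:02Z dns client=10.0.0.5 query=editproai.pro type=A",
    "2024-11-20T10:01:03Z proxy client=10.0.0.5 method=GET url=https://editproai.pro/download/EditProAI.exe status=200",
    "2024-11-20T10:02:11Z dns client=10.0.0.9 query=cdn.editproai.org. type=A",
    "2024-11-20T10:02:15Z proxy client=10.0.0.9 method=GET url=https://www.editproai.com/pricing status=200",
    "2024-11-20T10:05:40Z proxy client=10.0.0.5 method=POST url=http://proai.club/panelgood/upload.php status=200",
    "2024-11-20T10:05:41Z proxy client=10.0.0.7 method=GET url=http://proai.club/blog/ status=200",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f'{hit["ts"]} {hit["client"]} -> {hit["observed"]} matches {hit["ioc"]} ({hit["desc"]})')
```

Run against the constructed sample, the scanner flags four of the six lines: the two requests to editproai.pro, the subdomain lookup under editproai.org, and the POST to the panel path; the look-alike editproai.com and the non-panel path on proai.club are left alone. A host hit from a single client is the starting point for the credential-reset work described below, not the end of the investigation.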
Users who have already run the downloaded software should assume that their saved passwords, cryptocurrency wallets, and authentication data, including session cookies, have been compromised.
Changing passwords is the first step in limiting the impact, and it should be done from a clean device after the malware has been removed, otherwise the new credentials are stolen as well. Because the stealers also take session cookies, which can bypass MFA on an already-authenticated session, users should sign out of all active sessions and revoke existing tokens, then enable MFA on sensitive accounts such as cryptocurrency exchanges, online banking, email services, and financial institutions.
Potentially affected users who installed the fake AI image generator should also be wary of targeted follow-on attacks, since the data already stolen can be used to run further malicious activity against them.