Fake AI video generators are used to hack Windows and macOS devices
- Security researchers discover an advertising campaign for fake software
- Software was advertised as an AI-powered photo and video editor
- In reality, it distributed the AMOS and Lumma Stealer malware
Hackers are hiding infostealers behind fake AI-powered photo and video editors, security researchers warn.
A cybersecurity researcher who goes by the alias g0njxa found a social media ad campaign promoting the malware. The attackers posed as a fake editor called EditPro and set up a companion website, editproai[.]pro, to host the downloads.
The attackers created deepfake videos of Presidents Trump and Biden enjoying ice cream together and used them in ads on social media sites such as X. The fake editor is offered for both Windows and macOS, but anyone who falls for the trick and downloads the program ends up installing an infostealer instead: Lumma Stealer on Windows and AMOS on macOS.
Lumma and AMOS
Lumma Stealer is a Malware-as-a-Service (MaaS) infostealer for Windows designed to harvest sensitive information including login credentials, cookies, browsing history, credit card details, and cryptocurrency wallet data.
The malware uses techniques such as process injection and encrypted communication with its command-and-control (C2) servers, making it harder to detect and block. It has been active since 2022, with regular updates that improve its evasion and data theft capabilities.
AMOS, short for Atomic macOS Stealer (also known as Atomic Stealer), is the macOS counterpart: an infostealer sold to other criminals on a MaaS basis and typically delivered as a trojanized disk image that asks the victim to enter their system password. Once running, it targets Keychain entries and saved browser passwords, cookies and autofill data, cryptocurrency wallets, and files from the user's folders, and sends them to its C2 server.
Both stealers do the same job on their respective platforms: grab everything of value on the machine in one pass and exfiltrate it, which is why a single fake installer is enough to compromise the victim's accounts.
If you downloaded the fake EditPro software, assume that every password and piece of sensitive information stored on the device has been compromised. Remove all traces of the malware from the computer first, or use a separate clean device, before changing passwords and other credentials; otherwise a stealer still running on the machine will simply capture the new ones. Enable two-factor authentication where possible, revoke active sessions for important accounts (stolen cookies can bypass passwords), and move cryptocurrency and NFTs to a new wallet with a new seed phrase.
Via BleepingComputer