Russian Hackers Use Fake AI Nudify Sites to Spread Malware and Steal Data
A Russian hacking group known as FIN7 is using fake AI "nudify" sites to trick visitors into downloading malware that steals credentials and other sensitive data. These websites promise the ability to generate non-consensual explicit images with AI, a category of tool often referred to as a "deepnude" generator. Instead of producing the requested images, the sites exist only to infect visitors with malicious software.
FIN7, which has been linked to numerous cybercriminal operations since 2013, including ransomware, set up a network of fake "deepnude" generator websites under brand names such as "aiNude[.]ai" and "nude-ai[.]pro." The sites use black hat SEO tactics to rank prominently in search results and lure users with offers of "free trials" or "free downloads." When a user attempts to generate or download a supposedly edited photo, they are redirected to a Dropbox link or another compromised domain that serves malware in place of the image. The image the victim uploaded is the bait for the download step; the payload is what the chain was built to deliver.
The malware delivered includes Lumma Stealer, Redline Stealer, and D3F@ck Loader, all designed to harvest saved browser credentials, session cookies, cryptocurrency wallets, and other sensitive information. Because these stealers take cookies as well as passwords, a password reset alone is not enough: stolen session tokens remain valid until the account's active sessions are revoked. The sites have since been taken down, but anyone who interacted with them should treat the device as compromised, reinstall or clean it, then from a known-clean device change passwords, sign out of all sessions, enable MFA, and move any funds held in wallets that were stored on the affected machine.
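The chain described above (a visit to one of the lure domains, then an archive or installer fetched from Dropbox) is easy to hunt for in proxy logs. The script below is an added example written for this page, not code from the article or from the researchers who reported the campaign. It assumes a simple space-separated proxy log format and a 15-minute correlation window, both chosen for illustration; the log lines are constructed, the lure domains are the two named in the article (undefanged), and the payload content types and file extensions are typical values for a stealer dropper rather than indicators from the report.

```python
"""Hunt proxy logs for the nudify lure chain: a visit to a known lure domain
followed by a download from a file-sharing host.  Example code, not from the
article; log format, window size and payload heuristics are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Lure domains named in the article, written without the "[.]" defanging.
LURE_DOMAINS = {"ainude.ai", "nude-ai.pro"}
# Delivery stage named in the article (Dropbox).
DELIVERY_HOSTS = {"dropbox.com", "dropboxusercontent.com"}
# Assumed typical archive/installer indicators for a stealer dropper.
PAYLOAD_TYPES = {"application/zip", "application/x-msdownload",
                 "application/x-dosexec", "application/octet-stream"}
PAYLOAD_EXTS = (".zip", ".rar", ".exe", ".msi", ".scr", ".js")
# Assumed window: a download this long after a lure visit is still correlated
# even when the Referer header was stripped.
WINDOW = timedelta(minutes=15)

# Constructed sample log.  Format (assumed):
# <timestamp> <client_ip> <method> <url> <status> <content_type> <referer|->
SAMPLE_LOG = """\
2024-10-02T10:01:03Z 10.0.0.7 GET https://ainude.ai/ 200 text/html -
2024-10-02T10:01:40Z 10.0.0.7 GET https://ainude.ai/download/free-trial 302 text/html https://ainude.ai/
2024-10-02T10:01:41Z 10.0.0.7 GET https://www.dropbox.com/scl/fi/abc123/aiNude_Setup.zip?dl=1 200 application/zip https://ainude.ai/
2024-10-02T10:05:12Z 10.0.0.9 GET https://www.dropbox.com/scl/fi/def456/quarterly_report.pdf?dl=1 200 application/pdf https://mail.example.com/
2024-10-02T10:07:30Z 10.0.0.12 GET https://nude-ai.pro/ 200 text/html -
2024-10-02T10:09:00Z 10.0.0.15 GET https://example.com/news 200 text/html -
"""


def in_domain(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_line(line):
    """Parse one log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, client, method, url, status, ctype, referer = parts
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client, "method": method, "url": url,
        "host": urlparse(url).hostname or "",
        "status": status, "ctype": ctype.lower(),
        "referer": "" if referer == "-" else referer,
    }


def looks_like_payload(rec):
    """Heuristic: archive/installer content type or file extension."""
    path = urlparse(rec["url"]).path.lower()
    return rec["ctype"] in PAYLOAD_TYPES or path.endswith(PAYLOAD_EXTS)


def analyze(log_text):
    """Return {client: {"lure_visits": [...], "payload_downloads": [...]}}
    for every client that touched the lure chain."""
    findings = defaultdict(lambda: {"lure_visits": [], "payload_downloads": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client = findings[rec["client"]]
        if in_domain(rec["host"], LURE_DOMAINS):
            client["lure_visits"].append({"ts": rec["ts"], "url": rec["url"]})
            continue
        if in_domain(rec["host"], DELIVERY_HOSTS) and rec["status"].startswith("2"):
            # Strong signal: the file-sharing fetch was referred by a lure site.
            via_referer = in_domain(urlparse(rec["referer"]).hostname, LURE_DOMAINS)
            # Weaker signal for stripped Referer: same client visited a lure
            # site shortly before and the object looks like a dropper.
            recent_lure = any(timedelta(0) <= rec["ts"] - v["ts"] <= WINDOW
                              for v in client["lure_visits"])
            if via_referer or (recent_lure and looks_like_payload(rec)):
                reason = "referer" if via_referer else "lure-visit+payload-type"
                client["payload_downloads"].append(
                    {"ts": rec["ts"], "url": rec["url"], "reason": reason})
    return {c: f for c, f in findings.items()
            if f["lure_visits"] or f["payload_downloads"]}


def triage(log_text):
    """Split clients into (compromised, exposed): a payload download means
    treat the host as compromised; a lure visit alone means follow up."""
    findings = analyze(log_text)
    compromised = sorted(c for c, f in findings.items() if f["payload_downloads"])
    exposed = sorted(c for c, f in findings.items()
                     if f["lure_visits"] and not f["payload_downloads"])
    return compromised, exposed


if __name__ == "__main__":
    comp, exp = triage(SAMPLE_LOG)
    print("treat as compromised:", comp)
    print("lure visit only, follow up:", exp)
```

The Referer check is the reliable signal; the time-window fallback exists because a lure site can set a Referrer-Policy that strips the header, in which case only the client-level correlation survives. The domain list covers just the two names the article gives, so it should be extended from current threat intelligence before use.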
Beyond the fake nudify websites, FIN7 is known for sophisticated phishing and for impersonating legitimate entities. The group has also used malvertising and SEO poisoning to distribute trojanized versions of popular software such as Zoom, Fortnite, and Razer gaming utilities, which shows both its technical capability and the breadth of its operations.
These campaigns are part of a broader trend of cybercriminals using artificial intelligence and deepfake technology as lures. AI-generated explicit images have long been controversial because of their potential for abuse, and FIN7 is exploiting the demand for them to spread malware and fund its wider operations.
The incident serves as a stark reminder to be cautious when navigating online, particularly when engaging with fringe or ethically dubious technologies. Users should avoid uploading sensitive images to unknown websites and always verify the legitimacy of any platform they interact with, especially those making sensational promises involving AI.
Sources:
- BleepingComputer: FIN7 hackers are using fake deepfake “nudify” sites to spread malware, delivering malicious payloads under the guise of AI-edited images.
- Protos.com: Russian hackers are exploiting AI-generated deepfake nudify websites to target victims and steal sensitive information such as cryptocurrency wallets.