Action of Lumma Stealer and AMOS malware
Posted: Sat Dec 21, 2024 3:33 am
A new cyber scam has been gaining attention by using the popularity of artificial intelligence (AI) as bait to steal user data.
Malicious ads featuring deepfakes of political figures promoting a fake video editor called EditProAI are spreading dangerous malware on Windows and macOS.
How malware uses ads and deepfakes as bait
The attackers use malvertising — a practice that combines misleading ads with links to malicious programs.
In the most recent case, advertisements published on X (formerly Twitter) feature videos with deepfakes of personalities such as Joe Biden and Donald Trump.
In these videos, the politicians appear in unusual situations, such as eating ice cream together, to attract attention.
These ads direct victims to the fake EditProAI website, which promises a revolutionary AI-powered video editing tool.
Despite its professional appearance, including cookie banners and a trustworthy design, the website distributes malicious installers (an .exe for Windows and a .dmg for macOS), which deploy the Lumma Stealer and AMOS malware, respectively.
The two malware families have similar goals but target different operating systems:
Lumma Stealer (Windows): Specializes in stealing data such as cookies, credentials, passwords, credit card information, and browsing histories. It also accesses cryptocurrency wallets stored on the device.
AMOS (macOS): With functions similar to Lumma, the malware collects sensitive information from browsers and saves the stolen data for the attackers' later use.
Both install silently once the downloaded file is run.
Sandbox analysis (running the file in an isolated environment built for malware analysis) confirmed that the apparently harmless installers were malicious.
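What both stealers have in common is the set of files they go after: browser cookie and credential stores, the macOS keychain, and cryptocurrency wallet data. That gives defenders a behavioural signal that does not depend on the installer's hash. The routine below is an added example, not code from the original post or from any vendor report: it runs over constructed endpoint file-read events and flags a process that is not a browser (or wallet app) reading those stores, then ranks processes that touch more than one category. The event format, the path patterns, the allow-list of legitimate readers and the installer names in the sample data are all assumptions.

```python
"""Added example (not code from the original post): flag the file-access
pattern an infostealer produces on an endpoint. The event format, the list of
sensitive paths and the allow-list of legitimate readers are assumptions."""
import posixpath
import re
from collections import defaultdict
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Hypothetical event shape: (host, process image path, file path read).
Event = Tuple[str, str, str]
Finding = Tuple[str, str, str, str]  # (host, process, category, path)

# Files infostealers harvest, by category (assumed, not exhaustive; paths are
# compared with backslashes normalised to '/', case-insensitively).
SENSITIVE_PATHS: Dict[str, re.Pattern] = {
    "browser_cookies": re.compile(r"/(cookies|cookies\.sqlite)$", re.I),
    "browser_credentials": re.compile(
        r"/(login data|web data|logins\.json|key4\.db)$", re.I),
    "keychain": re.compile(r"/library/keychains/", re.I),
    "crypto_wallet": re.compile(
        r"/(exodus|electrum|ethereum/keystore|wallet\.dat)(/|$)", re.I),
}

# Process basenames expected to read each category legitimately (assumed).
_BROWSERS: FrozenSet[str] = frozenset({
    "chrome.exe", "msedge.exe", "firefox.exe", "brave.exe",
    "google chrome", "microsoft edge", "firefox", "brave browser", "safari",
})
TRUSTED_READERS: Dict[str, FrozenSet[str]] = {
    "browser_cookies": _BROWSERS,
    "browser_credentials": _BROWSERS,
    "keychain": frozenset({"securityd", "keychain access", "loginwindow"}),
    "crypto_wallet": frozenset({"exodus.exe", "exodus", "electrum.exe", "electrum"}),
}


def _normalise(path: str) -> str:
    return path.replace("\\", "/")


def classify_path(path: str) -> Optional[str]:
    """Return the sensitive-data category of a file path, or None."""
    norm = _normalise(path)
    for category, pattern in SENSITIVE_PATHS.items():
        if pattern.search(norm):
            return category
    return None


def detect(events: List[Event]) -> List[Finding]:
    """Return reads of sensitive stores by processes not expected to read them."""
    findings: List[Finding] = []
    for host, process, path in events:
        category = classify_path(path)
        if category is None:
            continue
        reader = posixpath.basename(_normalise(process)).lower()
        if reader in TRUSTED_READERS[category]:
            continue
        findings.append((host, process, category, path))
    return findings


def stealer_candidates(findings: List[Finding],
                       min_categories: int = 2) -> Dict[Tuple[str, str], Set[str]]:
    """Processes that touched at least `min_categories` distinct categories:
    one odd read may be a backup tool, several together looks like harvesting."""
    touched: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for host, process, category, _ in findings:
        touched[(host, process)].add(category)
    return {key: cats for key, cats in touched.items() if len(cats) >= min_categories}


# Constructed sample events (not real telemetry); the installer names are made up.
SAMPLE_EVENTS: List[Event] = [
    ("WIN-01", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    ("WIN-01", r"C:\Users\alice\Downloads\editor_setup.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("WIN-01", r"C:\Users\alice\Downloads\editor_setup.exe",
     r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("MAC-02", "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
     "/Users/bob/Library/Application Support/Google/Chrome/Default/Cookies"),
    ("MAC-02", "/Volumes/EditProAI/EditProAI.app/Contents/MacOS/EditProAI",
     "/Users/bob/Library/Application Support/Google/Chrome/Default/Login Data"),
    ("MAC-02", "/Volumes/EditProAI/EditProAI.app/Contents/MacOS/EditProAI",
     "/Users/bob/Library/Keychains/login.keychain-db"),
    ("MAC-02", "/usr/bin/mdworker", "/Users/bob/Documents/notes.txt"),
]

if __name__ == "__main__":
    for key, cats in stealer_candidates(detect(SAMPLE_EVENTS)).items():
        print(f"{key[0]}: {key[1]} read {sorted(cats)}")
```

On the constructed sample the browser's own reads of its cookie store are ignored, while the freshly downloaded installer on each host is reported for reading both credential data and a wallet or keychain file. In a real deployment the events would come from an EDR or file-integrity monitor, and the allow-list would need to be tuned per fleet (backup agents and password managers read some of these files legitimately), which is why the ranking by number of categories matters more than any single hit.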
Malvertising: how large platforms are exploited
The attack reveals how large advertising platforms like X are used by cybercriminals to reach a wide audience.
This strategy is not new, but it has been intensified with the use of fake AI tools as a lure.
This method has been used before in scams involving popular tools like ChatGPT and Google Authenticator.
The malvertising technique consists of creating ads that imitate legitimate ones, deceiving users with promises of innovative services.