
The notorious APT hacking group known as FIN7 has set up a network of fake AI-powered deepnude generator websites to infect visitors with information-stealing malware.
FIN7 is believed to be a Russian hacking group that has been conducting financial fraud and cybercrime since 2013, with ties to ransomware gangs such as DarkSide, BlackMatter, and BlackCat, the last of which recently carried out an exit scam after stealing a $20 million UnitedHealth ransom payment.
FIN7 is known for its sophisticated phishing and social engineering attacks, such as impersonating BestBuy to send out malicious USB keys, or creating a fake security company to hire pentesters and developers for ransomware attacks without their knowledge.
So it is not surprising to find that the group has now been linked to an intricate network of websites promoting AI-powered deepnude generators, which claim to create fake nude versions of photos of clothed people.
The technology has been controversial because of the harm it can cause its subjects by creating non-consensual explicit images, and it has been outlawed in many places around the world. Nevertheless, interest in the technology remains strong.
A network of deepnude generators
FIN7's fake deepnude sites act as honeypots for people interested in generating deepfake nudes of celebrities or other people. In 2019, threat actors used a similar lure to spread info-stealing malware, even before the current AI boom.
The network of deepnude generators operates under the same "AI Nude" brand and is promoted using black hat SEO tactics so that the sites rank highly in search results.
According to Silent Push, FIN7 directly operated sites such as "aiNude[.]ai", "easynude[.]website", and "nude-ai[.]pro", which offered "free trials" or "free downloads" but in reality simply spread malware.
All of the sites share a similar design that promises the ability to generate free AI deepnude images from any uploaded photo.

Source: Silent Push
The fake websites let users upload the photos from which they want a deepfake nude created. However, once the supposed "deepnude" has been generated, it is not displayed on screen. Instead, the user is prompted to click a link to download the generated image.
Doing so takes the user to another site that displays a password together with a link to a password-protected archive hosted on Dropbox. While this site is still alive, the Dropbox link no longer works.

Source: BleepingComputer
However, instead of a deepnude image, the archive contains the Lumma Stealer information-stealing malware. When executed, the malware steals credentials and cookies saved in web browsers, cryptocurrency wallets, and other data from the computer.
Silent Push also observed some sites promoting a deepnude generation program for Windows that would instead deploy Redline Stealer and D3F@ck Loader, which are likewise used to steal information from compromised devices.
All seven sites detected by Silent Push have since been taken down, but users who may have downloaded files from them should consider themselves infected.
Other FIN7 campaigns
Silent Push also identified parallel FIN7 campaigns dropping NetSupport RAT through websites that prompt visitors to install a browser extension.
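The delivery shape described above, a password-protected archive that supposedly holds a generated image but actually carries an executable, can be flagged before anyone extracts it, because the archive's central directory records both the encryption flag and the file names in clear. Encrypting the archive is what keeps scanners from seeing the payload, so the combination "encrypted entry plus executable name" is itself the signal. The following triage script is an added example written for this article, not code from BleepingComputer or Silent Push; the sample archive, the file name nude_result.jpg.exe and the fake MZ bytes are constructed for the demonstration (the article does not disclose the real archive's contents), and the script reads metadata only and never extracts or runs anything.

```python
import io
import zipfile
from dataclasses import dataclass, field

# File types that should never appear inside an archive that claims to
# deliver a generated picture.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".dll", ".bat", ".cmd", ".js", ".vbs",
                       ".msi", ".ps1", ".lnk", ".hta"}
IMAGE_SUFFIXES = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp"}


@dataclass
class ArchiveVerdict:
    encrypted_entries: list = field(default_factory=list)
    executable_entries: list = field(default_factory=list)
    double_extension_entries: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Password-protected archive whose members are executables: the
        # exact delivery pattern the article describes.
        return bool(self.encrypted_entries) and bool(self.executable_entries)


def _suffixes(name):
    """All extensions of the entry's base name, e.g. 'a.jpg.exe' -> ['.jpg', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def triage_archive(data: bytes) -> ArchiveVerdict:
    """Inspect only the ZIP central directory. Works on encrypted archives
    without knowing the password, since names and flags are not encrypted."""
    verdict = ArchiveVerdict()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = _suffixes(info.filename)
            # General-purpose flag bit 0 marks the entry as encrypted.
            if info.flag_bits & 0x1:
                verdict.encrypted_entries.append(info.filename)
            if suffixes and suffixes[-1] in EXECUTABLE_SUFFIXES:
                verdict.executable_entries.append(info.filename)
            # "image.jpg.exe": an image extension hiding an executable one.
            if (len(suffixes) >= 2 and suffixes[-2] in IMAGE_SUFFIXES
                    and suffixes[-1] in EXECUTABLE_SUFFIXES):
                verdict.double_extension_entries.append(info.filename)
    return verdict


def build_sample_archive(entries, mark_encrypted):
    """Constructed test fixture. zipfile cannot write encrypted archives, so
    after writing a plain ZIP the 'encrypted' flag bit is set directly in the
    local and central-directory headers; the data is not really encrypted,
    which is enough for metadata-only triage."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Local file header: flags at offset 6. Central dir header: offset 8.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(signature)
            while pos != -1:
                raw[pos + offset] |= 0x01
                pos = raw.find(signature, pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    # Constructed sample: "free deepnude" archive that really holds a PE stub.
    lure = build_sample_archive(
        {"nude_result.jpg.exe": b"MZ\x90\x00" + b"\x00" * 32}, mark_encrypted=True)
    print(triage_archive(lure))
    # Constructed benign sample for comparison.
    photo = build_sample_archive({"photo.png": b"\x89PNG\r\n\x1a\n"}, mark_encrypted=False)
    print(triage_archive(photo))
```

In a mail gateway or download proxy this check runs on the bytes in flight; an archive whose members are encrypted and named like executables can be quarantined without ever trying the password shown on the landing page.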

Source: Silent Push
In other cases, FIN7 uses payloads that spoof well-known brands and applications such as Cannon, Zoom, Fortnite, Fortinet VPN, Razer Gaming, and PuTTY.

Source: Silent Push
These payloads are likely distributed to victims through SEO tactics and malvertising, tricking them into downloading trojanized installers.
FIN7 was recently exposed for selling its custom "AvNeutralizer" EDR-killing tool to other cybercriminals, for targeting IT staff at automotive manufacturers in phishing attacks, and for deploying Cl0p ransomware in attacks against organizations.