FIN7 hackers launch deepfake nude "generator" sites to spread malware

Image: Midjourney

The notorious APT hacking group known as FIN7 has set up a network of fake AI-powered deepnude generator websites to infect visitors with information-stealing malware.

FIN7 is believed to be a Russian hacking group that has been conducting financial fraud and cybercrime since 2013, with ties to ransomware gangs such as DarkSide, BlackMatter, and BlackCat, which recently performed an exit scam after stealing a $20 million UnitedHealth ransom payment.

FIN7 is known for its sophisticated phishing and social engineering attacks, such as impersonating BestBuy to mail malicious USB keys or creating a fake security company to hire pentesters and developers for ransomware attacks without their knowledge.

So it is not surprising to find that they have now been linked to an intricate network of websites promoting AI-powered deepnude generators that claim to create fake nude versions of photos of clothed people.

The technology has been controversial due to the harm it can cause to its subjects by creating non-consensual explicit images, and it has even been outlawed in many places around the world. However, interest in this technology remains strong.

A network of deepnude generators

FIN7's fake deepnude sites act as honeypots for people interested in generating deepfake nudes of celebrities or other people. In 2019, threat actors used a similar lure to spread info-stealing malware, even before the AI boom.

The network of deepnude generators operates under the same "AI Nude" brand and is promoted via black hat SEO tactics to rank the sites high in search results.

According to Silent Push, FIN7 directly operated sites like "aiNude[.]ai", "easynude[.]website", and "nude-ai[.]pro", which offered "free trials" or "free downloads" but in reality just spread malware.

All of the sites use a similar design that promises the ability to generate free AI deepnude images from any uploaded photo.

One of FIN7's AI Nude honeypot sites
Source: Silent Push

The fake websites let users upload the photos from which they want a deepfake nude created. However, after the alleged "deepnude" is made, it is not displayed on the screen. Instead, the user is prompted to click a link to download the generated image.

Doing so takes the user to another website that displays a password and a link to a password-protected archive hosted on Dropbox. Handing the password to the victim on the page is the point: Dropbox, web gateways and mail filters cannot inspect the encrypted contents of the archive, so the payload passes through unscanned. While this site is still alive, the Dropbox link no longer works.

Site used to distribute malicious payloads
Source: BleepingComputer

However, instead of a deepnude image, the archive contains the Lumma Stealer information-stealing malware. When executed, the malware steals credentials and cookies saved in web browsers, cryptocurrency wallets, and other data from the computer.
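The "password-protected archive" step above is worth understanding at the byte level, because it is also what lets a responder triage such a download without the password. In the ZIP format the entry names, sizes and the encryption flag (bit 0 of the general-purpose flag field) live in cleartext headers; only the file data is encrypted. The script below is an added example, not code from the article or from Silent Push: it hand-builds two constructed ZIP archives (dummy bytes, not real FIN7 artifacts), then reads their headers with the standard library and flags an archive that is encrypted and carries an executable, such as a double-extension "image.jpg.exe". The extension list is an assumption to tune for your environment.

```python
import io
import os
import struct
import zipfile
import zlib

# Extensions that should never appear inside an "image" download (assumed list).
EXECUTABLE_EXT = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".msi", ".lnk", ".dll", ".hta"}


def build_zip(entries, encrypted):
    """Build a minimal stored (method 0) ZIP in memory from [(name, bytes), ...].

    With encrypted=True, bit 0 of the general-purpose flag is set in both the
    local file header and the central directory entry, and the data is prefixed
    with a 12-byte ZipCrypto header, exactly as a header-only triage would see it.
    The payload bytes are dummies (constructed test data), not real ciphertext.
    """
    flag = 0x0001 if encrypted else 0x0000
    body, central = io.BytesIO(), io.BytesIO()
    for name, data in entries:
        name_b = name.encode("ascii")
        payload = (b"\x00" * 12 + data) if encrypted else data
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = body.tell()
        # Local file header: sig, version, flags, method, time, date, crc, csize, usize, name len, extra len
        body.write(struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flag, 0, 0, 0,
                               crc, len(payload), len(data), len(name_b), 0))
        body.write(name_b)
        body.write(payload)
        # Central directory entry: same fields plus comment len, disk, attrs and local header offset
        central.write(struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flag, 0, 0, 0,
                                  crc, len(payload), len(data), len(name_b), 0, 0, 0, 0, 0, offset))
        central.write(name_b)
    cd = central.getvalue()
    cd_offset = body.tell()
    body.write(cd)
    # End of central directory record
    body.write(struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries),
                           len(cd), cd_offset, 0))
    return body.getvalue()


def triage_archive(blob):
    """Header-only triage of a ZIP. Names, sizes and the encryption flag are stored
    in cleartext even in a password-protected archive, so no password is needed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            findings.append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & 0x0001),
                "executable": ext in EXECUTABLE_EXT,
                "size": info.file_size,
            })
    return findings


def is_suspicious(findings):
    """An 'image' download that is really a password-protected archive holding an
    executable: the encrypted entry cannot be content-scanned by a gateway, and
    the double extension hides the file type from the victim."""
    return any(f["encrypted"] and f["executable"] for f in findings)


# Constructed samples (not real FIN7 artifacts): a lure archive mimicking the
# "generated image" download, and a benign archive that really holds a picture.
LURE_ARCHIVE = build_zip([("AI_Nude_Result.jpg.exe", b"MZ\x90\x00" + b"\x00" * 60),
                          ("readme.txt", b"open the image")], encrypted=True)
BENIGN_ARCHIVE = build_zip([("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)], encrypted=False)

if __name__ == "__main__":
    for label, blob in (("lure", LURE_ARCHIVE), ("benign", BENIGN_ARCHIVE)):
        findings = triage_archive(blob)
        print(label, "SUSPICIOUS" if is_suspicious(findings) else "ok", findings)
```

This check is ZIP-specific: WinZip AES encryption also sets flag bit 0 (with compression method 99), so it is caught too, but 7-Zip archives created with encrypted headers (-mhe) and RAR archives with header encryption hide entry names, and for those the fallback is the archive's own magic bytes plus the fact that an "image" arrived as an archive at all.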

Silent Push also observed some sites promoting a deepnude generation program for Windows that would instead deploy Redline Stealer and D3F@ck Loader, which are likewise used to steal information from compromised devices.

All seven sites detected by Silent Push have since been taken down, but users who may have downloaded files from them should consider themselves infected. Because these stealers target saved browser credentials and session cookies, that means resetting passwords and invalidating active sessions from a clean device, not just removing the malware.

Other FIN7 campaigns

Silent Push also identified parallel FIN7 campaigns dropping NetSupport RAT via websites that prompt visitors to install a browser extension.

Site distributing NetSupport to victims
Source: Silent Push

In other cases, FIN7 uses payloads that spoof well-known brands and applications such as Cannon, Zoom, Fortnite, Fortinet VPN, Razer Gaming, and PuTTY.

Various FIN7 payloads
Source: Silent Push

These payloads are likely distributed to victims using SEO tactics and malvertising, tricking them into downloading trojanized installers.

FIN7 was recently exposed for selling its custom "AvNeutralizer" EDR-killing tool to other cybercriminals, targeting IT staff at automakers in phishing attacks, and deploying Cl0p ransomware in attacks against organizations.
