Multi-Stage Attack Chain Sideloads Malicious DLLs
In its analysis of one UNC6032 attack, Mandiant Threat Defense found that a dropper tracked as STARKVEIL was used to deploy three final Python-based payloads at the end of a multi-stage attack chain. In this case, the file was delivered from a site spoofing Luma AI and carried a fake extension. Whitespace characters in the file name, together with the default Windows .mp4 icon, trick users into believing the file is the AI-generated video they were expecting. The STARKVEIL dropper must be run twice to complete the attack chain: when executed, it shows an error window designed to make the user reopen the "video". On the first run, STARKVEIL drops its embedded files into the C:\winsystem\ directory; on the second run, the Python launcher py.exe is invoked to run a Base85-encoded Python script tracked as COILHATCH. Mandiant explained that this first-stage Base85-encoded Python code decodes second-stage Python bytecode, which in turn runs a legitimate, digitally signed executable that sideloads the final launcher, heif.dll.
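A defender-side check for the file-name trick described above, where blank-looking characters push the real .exe extension out of view behind a video-looking name; this is an added example, not code from Mandiant's report, and the extension lists, the set of blank-looking characters and the sample names are constructed assumptions.

```python
import unicodedata

# Extensions Windows executes on double-click (assumed list for this example)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}
# Extensions a victim expecting an "AI-generated video" would find plausible
DECOY_EXTS = {".mp4", ".mov", ".avi", ".mkv", ".webm", ".gif"}


def looks_blank(ch: str) -> bool:
    """True for characters that render as empty space in a file listing.
    Covers ASCII/Unicode whitespace, space separators (Zs), format controls (Cf)
    and U+2800 BRAILLE PATTERN BLANK, which is not whitespace but looks like it
    (assumption: candidate set chosen for this example)."""
    return ch.isspace() or unicodedata.category(ch) in ("Zs", "Cf") or ch == "\u2800"


def split_padding(stem: str) -> tuple[str, str]:
    """Split a file stem into (visible part, trailing run of blank-looking chars)."""
    i = len(stem)
    while i > 0 and looks_blank(stem[i - 1]):
        i -= 1
    return stem[:i], stem[i:]


def analyze_filename(name: str) -> list[str]:
    """Return human-readable findings for a disguised-executable file name.
    An empty list means the name shows nothing suspicious under these rules."""
    stem, dot, ext = name.rpartition(".")
    real_ext = ("." + ext).lower() if dot else ""
    if real_ext not in EXECUTABLE_EXTS:
        return []  # not executable: the icon/extension trick does not apply
    findings = []
    visible, padding = split_padding(stem)
    if padding:
        codepoints = sorted({f"U+{ord(c):04X}" for c in padding})
        findings.append(
            f"{len(padding)} blank-looking char(s) ({', '.join(codepoints)}) "
            f"push the real {real_ext} extension out of view")
    _, decoy_dot, decoy = visible.rpartition(".")
    if decoy_dot and ("." + decoy).lower() in DECOY_EXTS:
        findings.append(f"decoy .{decoy.lower()} extension precedes real {real_ext}")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not file names observed in the campaign
    samples = [
        "Lumaai_Generated_Video.mp4" + "\u2800" * 40 + ".exe",
        "Lumaai_Generated_Video.mp4.exe",
        "Lumaai_Generated_Video.mp4",
    ]
    for s in samples:
        print(repr(s[:40]), "->", analyze_filename(s) or "clean")
```

The same rules can be applied to file names in EDR or download telemetry, where a hit on both findings is a strong signal for this lure.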
Three payloads establish backdoor persistence and set the stage for infostealing
The three final payloads are known as GRIMPULL, XWORM and FROSTRIFT. FROSTRIFT has both reconnaissance and backdoor functions, while GRIMPULL acts as a downloader to fetch subsequent payloads. GRIMPULL is sideloaded by a legitimate python.exe process under the name avcodec-61.dll and performs multiple checks to ensure it is not running in a sandbox or a virtual machine (VM). The downloader then connects to its command-and-control (C2) server via Tor and periodically checks for .NET payloads, which it decrypts and loads into memory. UNC6032 uses XWORM to collect system information, exfiltrate it to a Telegram chat, log keystrokes and receive commands from an external C2 server; XWORM itself is hosted in the ffplay.exe process. This reconnaissance helps set the stage for future infostealing and follow-on attacks, which may be facilitated by payloads acquired through the GRIMPULL downloader. XWORM and FROSTRIFT use AutoRun registry keys to establish backdoor persistence.

Check Point Research reported another similar malware distribution campaign earlier this month, in which a fake KlingAI site spread the PureHVNC RAT. Beyond AI video tools, popular large language models (LLMs) are also being impersonated, as seen in the malvertising campaign reported by Malwarebytes in March that mimicked DeepSeek.