
RAT malware spread via bogus Kling AI ads


Widely used artificial intelligence-powered media platform Kling AI has been spoofed on Facebook ads to facilitate remote access trojan distribution, according to The Hacker News.

Intrusions begin with bogus Facebook pages and ads that redirect to fake Kling AI websites, which launch a malicious Windows executable when prompted to create AI-generated images or videos, a report from Check Point Research showed. The ZIP archive-embedded loader malware not only tracks analysis tools and makes Windows Registry modifications for persistence, but also delivers the second-stage PureHVNC RAT, which exfiltrates data from browser-stored cryptocurrency wallet extensions and obtains screenshots. Additional analysis of the phony Kling AI webpage and ads has shown a connection to Vietnam. "With tactics ranging from file masquerading to remote access and data theft, and signs pointing to Vietnamese threat groups, this operation fits into a broader trend of increasingly targeted and sophisticated social media-based attacks," said Check Point researchers. The development comes after Morphisec reported that the new Noodlophile information-stealing malware had been spread via fake AI tool lures.
