Google warns of Vietnam-based hackers using bogus AI video generators to spread malware

Fake AI-powered video generators are being used to spread infostealers and other types of malware, Google researchers have found. 

A group of cybercriminals created a network of fraudulent websites masquerading as cutting-edge AI tools and then bought ads on social media platforms to promote the sites, the researchers said. 

Experts from the tech giant’s Mandiant unit published a report backing previous assessments by Facebook and security firm Morphisec that identified a campaign designed to weaponize interest in AI tools that can generate videos based on user prompts. 

Mandiant said it has been tracking the campaign since November and believes the group — tagged as UNC6032 — is likely based in Vietnam. 

“Victims are typically directed to these fake websites via malicious social media ads that masquerade as legitimate AI video generator tools like Luma AI, Canva Dream Lab, and Kling AI, among others,” Mandiant researchers explained, noting that they have found thousands of ads that reached millions of users across platforms like Facebook and LinkedIn. 

The campaign is likely active on other platforms as well, and Mandiant said it has observed incidents “culminating in the exfiltration of login credentials, cookies, credit card data, and Facebook information through the Telegram API.”

The campaign has been ongoing since the middle of 2024 and has impacted people globally. Mandiant said it worked with Meta to remove the malicious ads, domains and accounts but noted that the social media giant removed many of the malicious ads before Mandiant approached them. 

Mandiant was able to research the ads through Meta’s Ad Library, which the company was recently required to create as part of the European Union’s Digital Services Act. The tool allowed the researchers to find 30 websites promoted by thousands of ads placed on Facebook. 

The hackers published the ads through newly created Facebook pages and compromised accounts on the platform. The total reach of the ads in the EU was 2.3 million users — a figure compiled based on the estimated number of accounts that saw the ad at least once. 

The campaign typically rotated the domains mentioned in the ads to avoid detection by researchers. 

On LinkedIn, Mandiant found about 10 ads that accrued about 50,000 to 250,000 impressions in the U.S., Europe and Australia. 

All of the websites had similar interfaces that offered text-to-video or image-to-video generation. Once someone provides a prompt, they will be served a file with a strain of malware known as STARKVEIL. 

The malware is designed to steal information and create backdoors for the hackers to extend their access. Other strains of the malware tell the hackers what anti-virus tool is installed, whether the device has a camera, the time zone of the victim and more. 

“Although our investigation was limited in scope, we discovered that well-crafted fake ‘AI websites’ pose a significant threat to both organizations and individual users,” the researchers said.  

“These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad. The temptation to try the latest AI tool can lead to anyone becoming a victim.”

Last year, researchers at Bitdefender uncovered a similar campaign in which hackers took over Facebook accounts and populated them with product news and advertisements for software that had links to downloads containing various types of infostealing malware.

Mandiant’s report was released on Tuesday ahead of the Google Safety Engineering Center’s inaugural Scams Summit and alongside a larger Google advisory about customer support scams, fake travel websites, fictitious package tracking messages and unpaid toll SMS texts. The advisory includes the kind of malvertising spotlighted in Mandiant’s report on fake AI video generators.