Russian Hackers Push AI Nude Image Generators to Spread Malware

A Russian hacking group is exploiting interest in AI-generated porn to spread malware to unsuspecting users.

A group known as FIN7 or Carbanak is circulating the malware through a collection of seven “AI Deepnude” generator websites, according to research from cybersecurity vendor Silent Push.

The sites claim to offer free downloads or free trials for a so-called “Deepnude Generator,” which can take existing photos of women and produce new images that remove their clothing. “Yes, AI is able to nudify images,” the sites claim.

In reality, the sites redirect users to a new domain that hosts the malicious payload and try to dupe them into downloading malware programs that can secretly steal passwords, internet cookies, and other sensitive data from their PCs.

The hacking group has likely been promoting the sites through search engine queries for porn sites, according to Silent Push, which published its report three months after uncovering evidence that FIN7 had re-emerged despite three group members being arrested.

FIN7 was previously known for hacking a wide range of industries to steal payment card data. Silent Push says either the group has revived itself or someone else is using the gang’s old infrastructure to start a new wave of hacking activity. “Our analysts have discovered legacy FIN7 domains, malware and TTPs (tactics, techniques, and procedures) in the wild, including spearphishing attack vectors that are listed in the federal indictment,” the vendor said in July.

The good news is that all seven AI nude-generating websites have been taken down. Still, Silent Push warns: “We believe it’s likely new sites will be launched that follow similar patterns.”

The discovery is a reminder that cybercriminals often use porn, pirated media, and other popular content to spread malware. FIN7 has also been spreading malware through online advertisements that try to dupe users into installing a malicious browser extension.