Mon Nov 18 2024

Fake video generators using artificial intelligence are being used to hack Windows and macOS devices.

Experts caution that the presence of advertisements in a program does not mean it is harmless.

Cybersecurity researchers have revealed a misleading advertising campaign promoting fake software, presented as an AI-powered photo and video editor. This software, known as EditPro, is actually used to distribute malware called AMOS and Lumma Stealer.

The researcher, who goes by the pseudonym g0njxa, discovered that the campaign was being promoted on social media and had a corresponding website, editproai[dot]pro. The ads included fake videos of former Presidents Trump and Biden enjoying ice cream, which were shared on social platforms like X. Although the fake editor was available for Windows and macOS systems, anyone who downloaded it would end up installing the aforementioned malware.

Lumma Stealer is a type of malware-as-a-service (MaaS) focused on stealing sensitive information. This includes login credentials, cookies, browsing history, credit card data, and cryptocurrency wallet details. Its operation is complex, employing advanced techniques such as process injection and encrypted communications with control servers, making detection and removal difficult. Active since 2022, it has received numerous updates that enhance its capabilities to evade detection and steal data.

On the other hand, AMOS (Attack Management and Operations System) is a platform that allows threat actors to manage malware campaigns without needing advanced technical skills. It acts as a command and control (C2) system and provides tools for deploying malware, managing infected systems, and exfiltrating stolen data, facilitating the coordination of large-scale attacks.

If anyone has downloaded the deceptive EditPro software, it is recommended to assume that their passwords and any sensitive information stored on the device have been compromised. It is essential to remove any trace of the malware before changing all passwords and securing sensitive information. It is also advised to enable two-factor authentication (2FA) whenever possible and to transfer cryptocurrencies and NFTs to a new wallet with a new recovery phrase.