Russian hackers trap fans of artificial intelligence-generated avatars

Sites for generating sexualized female avatars via artificial intelligence are multiplying, offering hackers a new hunting ground to trap their victims. Two reports published by the companies Silent Push and ESET indicate that the cybercriminal group FIN7 is promoting pornographic AI as bait in a new campaign.

These platforms have names like “aiNude[.]ai” or “easynude[.]website” and were developed by hackers to infect visitors in various ways. Some of these sites include classic information-stealing programs that can steal cookies, passwords and sensitive data to target businesses.

In one example spotted by researchers, the Internet user must directly download the software to generate avatars on their desktop. Once it executes the zip file, it will install malware such as Redline Stealer or Lumma Stealer. On other sites, the victim is tricked into clicking on a “free trial” offer, triggering the download of the malware.

A Russian group specializing in “elaborate phishing”

Cybersecurity experts note that cybercriminals use SEO tactics so that their traps rank higher in search results. All the sites spotted have been taken offline, but researchers suggest that FIN7 may have already restarted similar campaigns exploiting other domains.

FIN7, also known as Carbanak, is a Russian-speaking cybercriminal group active since 2013. According to ANSSI, the French agency dedicated to state cybersecurity, this gang, specializing in sophisticated financial attacks, mainly targets foodservice, hospitality and retail sectors, including the United States, United Kingdom, Australia and France.

The group is notorious for its elaborate phishing campaigns, using carefully crafted emails to trick recipients into opening malicious attachments or clicking on compromising links. This latest campaign shows that the group is adapting to the latest trends emerging on the web.