Curated by THEOUTPOST
On Tue, 19 Nov, 12:03 AM UTC
3 Sources
[1]
This fake AI image generator is pushing info-stealing malware onto Macs and PCs
Passwords, financial info and other stolen data from this fake AI tool is sent right back to hackers
Threat actors have been using links to fake AI image and video generators to steal login credentials and browsing history from infected Windows PCs and Macs.
As reported by BleepingComputer and first discovered by cybersecurity researcher g0njxa on X, these fake apps are being spread through both search results and ads on the social media platform showing political deepfakes. The malicious links they contain lead to very professional-looking websites purporting to be for the fake AI image and video editing software application EditProAi.
Though it feels legitimate and even looks so at first glance, the download link for this fake AI app actually contains malware, namely the Windows variant of Lumma Stealer on PC and the macOS version of AMOS on Apple computers.
The malware itself attacks Chromium-based browsers to steal credentials, passwords, credit cards, cookies and browsing history, as well as cryptocurrency. Google Chrome, Microsoft Edge, Mozilla Firefox, Opera and Samsung Internet are all among the affected browsers. Data is then archived and sent back to the attackers, where it can be sold on the dark web or used in further attacks.
The PC malware used in this campaign leverages a stolen code signing certificate from the freeware utility developer Softwareok.com to help it bypass Microsoft's built-in defenses.
If you've downloaded and installed this program, all of your authentications, saved passwords and crypto wallets should be considered compromised. Every site you visited after installing it should have its password reset with a strong, unique password. Likewise, any online banking or email services you visited with it installed on your computer need to be secured by using 2FA or multi-factor authentication if you haven't done so already.
It's been said before but it bears repeating: you can never be too safe online. Whether it's a new game or an AI image generator, if something seems too good to be true, it almost certainly is. That's why you want to stick with known sites, services and, in this case, AI tools like the ones on our list of the best AI image generators.
You also obviously will want to have strong protection against viruses on your Mac or PC, so make sure you have the best antivirus software on your PC and the best Mac antivirus software on your Apple computer. This ensures that malware is detected and blocked from infecting your machine, which prevents your sensitive personal and financial data from being stolen by hackers in the first place.
At the same time, you want to stick to known sites and services with a good reputation and background; when in doubt, use Google or another reputable search engine for background information and reviews. And for the love of Dolly Parton, don't just click on any link from social media or share your personal info all over the internet. If you do, you're just asking for trouble and you could even end up becoming a victim of identity theft.
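The advice above to reset the password of every site visited after the install can be scoped from the browser's own history. This is an added example, not code from the cited articles: it lists the hosts visited at or after an assumed install time, using the `urls` and `visits` tables and the 1601-based microsecond timestamps of a Chromium History database. The sample rows, host names and install time are constructed, and Firefox keeps its history in a different schema that this does not cover.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Chromium's History database stores visit_time as microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_webkit(dt):
    """Convert a timezone-aware datetime to a Chromium timestamp."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)

def hosts_visited_since(conn, installed_at):
    """Return {hostname: visits} for http(s) pages visited at or after installed_at."""
    rows = conn.execute(
        "SELECT u.url FROM visits v JOIN urls u ON u.id = v.url "
        "WHERE v.visit_time >= ?",
        (to_webkit(installed_at),),
    )
    hosts = {}
    for (url,) in rows:
        parts = urlsplit(url)
        # Skip internal pages such as chrome://settings; they hold no site login.
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts[parts.hostname] = hosts.get(parts.hostname, 0) + 1
    return hosts

def build_sample_history():
    """Constructed data using only the urls/visits columns the query needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT);"
        "CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);"
    )
    urls = ["https://news.example.org/", "https://mail.example.com/inbox",
            "https://bank.example.net/login", "chrome://settings/"]
    conn.executemany("INSERT INTO urls (id, url) VALUES (?, ?)", enumerate(urls, 1))
    day = lambda d, h: to_webkit(datetime(2024, 11, d, h, tzinfo=timezone.utc))
    visits = [(1, day(17, 10)), (2, day(18, 8)), (2, day(18, 12)),
              (2, day(19, 9)), (3, day(18, 15)), (4, day(18, 16))]
    conn.executemany("INSERT INTO visits (url, visit_time) VALUES (?, ?)", visits)
    return conn

# Assumed install time of the fake installer (constructed for this example).
INSTALLED_AT = datetime(2024, 11, 18, 9, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    found = hosts_visited_since(build_sample_history(), INSTALLED_AT)
    for host, n in sorted(found.items()):
        print(f"reset password / enable MFA: {host} ({n} visits since install)")
```

On a real machine, run the query against a copy of the profile's History file, since the browser locks the original while it is open.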
[2]
Don't Fall for This Fake Image Generator and Its Political AI Slop
Threat actors are using a fake AI video and image generator website, EditProAI, to infect Windows and macOS PCs with the Lumma Stealer and AMOS malware. When you use the site, the malware steals your information, such as cryptocurrency wallets and cookies, credentials, passwords, credit cards, and browsing history from Google Chrome, Microsoft Edge, Mozilla Firefox, and other Chromium browsers.
As discovered by cybersecurity researcher @g0njxa, and first reported by BleepingComputer, the site is promoted through Google search results and X posts. One post features a deepfake political video of President Biden and Donald Trump enjoying ice cream together and riding a motorcycle.
The account owner of the post above, a so-called Caspian Winterbourne, links to EditProAI in their bio and lists a US location. The account retweets political content from both sides of the aisle -- Barack Obama to right-wing conspiracy theorist Alex Jones. Other retweets include videos of puppies and UFC fighters, presumably throwing anything at the wall to see what attracts more followers.
The EditProAI site appears legitimate, with a menu, customer service chatbot, and even a cookies banner that links to a privacy policy. However, clicking "Get Now" downloads the malware. For Windows users, the file is called "Edit-ProAI-Setup-newest_release.exe" (VirusTotal) and for macOS, it is named "EditProAi_v.4.36.dmg" (VirusTotal), BleepingComputer reports.
The data goes into an archive and is then sent back to the attacker, who can use it for further attacks or sell it on a cybercrime marketplace. Lumma Stealer is a Windows malware and AMOS is for macOS. Threat actors were found to be using the Lumma Stealer last month to infect computers through a fake CAPTCHA test.
Another EditPro website, with the same name and slightly different URL, could be an offshoot of the scheme. It offers various photo-editing services, such as background removal, face retouching, color correcting, and AI generation. The pricing page takes payment in Indian rupees.
[3]
AI Video Tool Scams Target Content Creators | PYMNTS.com
Cybersecurity researchers have uncovered a sophisticated malware campaign using fake AI video generation software to steal sensitive data from Windows and Mac users, highlighting new risks as businesses rush to adopt artificial intelligence tools.
Security experts warn that the campaign, first reported by BleepingComputer, employs stolen code-signing certificates and professional-looking websites. It represents an emerging threat vector as organizations embrace AI content tools. Victims are advised to immediately reset compromised credentials and enable multi-factor authentication on sensitive accounts.
"A recent rise of fake AI video generation tools is a worrying development that shows how cybercriminals take advantage of newly emerging trends," Ed Gaudet, CEO and founder of Censinet, told PYMNTS. "With AI video creation becoming popular, companies must have measures to verify tools, set up security protocols, and protect their creative teams from scams."
The surge in AI-related scams threatens to undermine consumer confidence in legitimate eCommerce platforms selling artificial intelligence content tools, potentially slowing adoption among online shoppers and merchants. Small businesses and content creators who fall victim to these scams face severe disruption to their online operations, as compromised payment credentials and authentication tokens can lead to fraudulent transactions and account takeovers on major eCommerce platforms.
The scam revolves around "EditProAI," a fraudulent video editing application promoted through social media with deepfake political videos. When downloaded, the software installs information-stealing malware that harvests passwords, cryptocurrency wallets and authentication tokens -- creating potential entry points for corporate network breaches.
The scammers promote the malicious software through targeted social media ads featuring attention-grabbing deepfake content, like fabricated videos of political figures, that link to convincing copycat websites. These sites mimic legitimate artificial intelligence platforms with standard website elements like cookie consent banners and professional design, making them difficult to distinguish from authentic services.
When victims click "Get Now," they download malware tailored to their operating system -- Lumma Stealer for Windows or AMOS for macOS. These programs masquerade as AI video editing software while covertly collecting stored browser data, which attackers then aggregate through a control panel and sell on cybercrime marketplaces or use to breach corporate networks.
AI-generated video scams using malware are becoming more sophisticated and dangerous. For instance, cybercriminals have created YouTube tutorials offering free access to popular software like Photoshop and Premiere Pro. These videos include links leading to malicious programs such as Vidar, RedLine and Raccoon, which steal personal information like passwords and payment data. One example involved malware disguised as a cracked version of the software, which infected thousands of devices, extracting sensitive details from unsuspecting users. Such AI-generated content is often professionally produced, mimicking legitimate tutorials and exploiting users' trust, making malware campaigns harder to detect and combat effectively.
"Downloading niche software exposes users to risks like ransomware, info stealers, crypto miners, and the like, which used to be at the top of security professionals' minds years ago," Tirath Ramdas, founder and CEO of Chamomile.ai, told PYMNTS. "But I don't think these problems will reemerge to the same extent as before because protection has genuinely improved."
Ramdas said endpoint detection software has improved. Today, all antivirus solutions benefit from artificial intelligence technology to provide improved detection capabilities. Browsers have also become better at preventing the installation of PUA (potentially unwanted apps).
"Mac and Windows operating systems have become hardened by default," he added. "And for enterprises, a shift to zero trust architecture means that even if someone in marketing is tricked into installing malware, the impact is better isolated than before."
Gaudet said that when under tight deadlines, creative teams become more susceptible to scams that promise fast results. "To combat this, companies need to make cybersecurity awareness training specific to the creative team's unique challenges," he said. "It is very important to educate employees to recognize phishing attempts and software authenticity and report any suspicious activities."
A sophisticated malware campaign using a fake AI image and video generator called EditProAI is targeting Windows and Mac users, stealing sensitive data and posing a significant threat to content creators and businesses adopting AI tools.
A new cybersecurity threat has emerged, exploiting the growing interest in AI-powered content creation tools. Cybersecurity researchers have uncovered a sophisticated malware campaign using a fake AI image and video generator called EditProAI to target both Windows and Mac users [1][2][3].
The malicious software is being promoted through search results and social media advertisements, particularly on X (formerly Twitter), featuring attention-grabbing political deepfakes [1][2]. These ads lead users to professional-looking websites that mimic legitimate AI platforms, complete with standard elements like cookie consent banners and customer service chatbots [2].
When users attempt to download the EditProAI software, they unknowingly install malware tailored to their operating system:
These malicious programs are designed to attack Chromium-based browsers, stealing a wide range of sensitive information:
The Windows variant of the malware employs a stolen code-signing certificate from Softwareok.com, a freeware utility developer, to bypass Microsoft's built-in defenses [1]. This level of sophistication makes the threat particularly dangerous and difficult to detect.
This scam poses a significant risk to businesses and content creators who are increasingly adopting AI tools for their work. Ed Gaudet, CEO of Censinet, warns that the campaign "represents an emerging threat vector as organizations embrace AI content tools" [3]. The surge in AI-related scams could potentially undermine consumer confidence in legitimate eCommerce platforms selling AI content tools, slowing adoption among online shoppers and merchants [3].
Cybersecurity experts recommend several measures to protect against this and similar threats:
This EditProAI scam is part of a larger trend of cybercriminals exploiting the AI boom. Similar scams have been observed on YouTube, where tutorials offer free access to popular software like Photoshop and Premiere Pro, but actually lead to malware infections [3]. The professional quality of these AI-generated scams makes them increasingly difficult to distinguish from legitimate content.
As AI tools continue to gain popularity, users and businesses must remain vigilant and prioritize cybersecurity measures to protect against these evolving threats.