- Security researchers discover ad campaign for a piece of fake software
- Software was advertised as an AI-powered photo and video editor
- In reality, it was distributing the AMOS and Lumma Stealer malware
Hackers are hiding infostealers and other malware behind fake AI-powered photo and video editors, experts have claimed.
A cybersecurity researcher known as g0njxa found a social media advertising campaign promoting the malware, which posed as a fake editor called EditPro and was backed by an accompanying website, editproai[dot]pro.
The attackers then created deepfake videos of Presidents Trump and Biden enjoying ice cream together and used them in ads posted on social media sites such as X. The fake editors were built for both Windows and macOS, but anyone who falls for the trick and downloads the program will end up installing either Lumma Stealer or AMOS.
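As an added, defensive example (not code from the original article or from the researcher's work), the script below takes the one indicator the article publishes, the defanged domain editproai[dot]pro, refangs it and checks web-proxy log lines for that domain and any of its subdomains, while not matching look-alike names that merely end in the same string. The log layout, client addresses and server IPs are constructed assumptions for the sake of the example.

```python
"""Match the published EditPro campaign domain against proxy log lines.

Added example, not from the original article. The only real indicator is the
domain the article names, editproai[dot]pro (defanged as published); every log
line and address below is a constructed sample.
"""
import re

# Indicator exactly as published, defanged so it is not a clickable link.
DEFANGED_IOCS = ["editproai[dot]pro"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into its real form for matching."""
    return (indicator.replace("[dot]", ".")
                     .replace("[.]", ".")
                     .replace("hxxp", "http"))


def build_matcher(defanged):
    """Compile one regex matching each domain and any subdomain of it.

    The domain must be preceded by a non-hostname character (or start of
    line) and must not continue into a longer label or a longer domain,
    so 'noteditproai.pro' and 'editproai.pro.evil.example' do not match,
    while a DNS-style trailing dot ('editproai.pro.') still does.
    """
    parts = []
    for ioc in defanged:
        dom = re.escape(refang(ioc).lower())
        parts.append(
            r"(?:^|[^a-z0-9-])(?:[a-z0-9-]+\.)*" + dom
            + r"(?![a-z0-9-])(?!\.[a-z0-9-])"
        )
    return re.compile("|".join(parts), re.IGNORECASE)


def scan_log(lines, defanged=DEFANGED_IOCS):
    """Return (line_number, line) for every line that references an IoC."""
    matcher = build_matcher(defanged)
    return [(n, line) for n, line in enumerate(lines, 1) if matcher.search(line)]


# Constructed sample lines in a Squid-style access-log layout
# (timestamp, duration, client, result, size, method, URL, ...).
SAMPLE_LOG = [
    "1700000001.001 120 10.0.0.5 TCP_MISS/200 5123 GET https://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1700000002.002 88 10.0.0.9 TCP_MISS/200 48211 GET https://editproai.pro/download/EditPro.dmg - HIER_DIRECT/203.0.113.10 application/octet-stream",
    "1700000003.003 40 10.0.0.9 TCP_MISS/302 0 GET http://cdn.editproai.pro/EditProSetup.exe - HIER_DIRECT/203.0.113.11 -",
    "1700000004.004 30 10.0.0.7 TCP_MISS/200 900 GET https://noteditproai.pro/ - HIER_DIRECT/198.51.100.4 text/html",
]

if __name__ == "__main__":
    # Only lines 2 and 3 reference the campaign domain.
    for n, line in scan_log(SAMPLE_LOG):
        print(f"line {n}: {line.split()[6]}")
```

The matcher deliberately anchors on hostname boundaries rather than doing a substring search, because a plain `"editproai.pro" in line` check would flag the unrelated fourth line and would also accept the domain buried inside a longer attacker-controlled name.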
Lumma and AMOS
Lumma Stealer is a malware-as-a-service (MaaS) tool designed to steal sensitive information, including login credentials, cookies, browsing history, credit card data, and cryptocurrency wallet details.
The malware employs sophisticated techniques like process injection and encrypted communications with command-and-control servers, making it challenging to detect and mitigate. It has been active since 2022, with frequent updates enhancing its evasion and data theft strategies.
AMOS, short for Attack Management and Operations System, is a platform that enables threat actors to manage malware campaigns with minimal technical skills. It acts as a command-and-control (C2) system, and provides tools for deploying malware, managing infected systems, and exfiltrating stolen data.
It is typically used to coordinate large-scale attacks, automating many aspects of the cybercriminal workflow.
If you downloaded the fake EditPro software, assume that all of your passwords and other sensitive information stored on the device are compromised. As such, first remove any traces of the malware from the computer, then update all passwords and other sensitive data. Enable 2FA wherever possible, and move your cryptos and NFTs to a new wallet with a new seed phrase.
Via BleepingComputer