Beware: Fake AI Image Generators Spread Lumma Stealer Malware on Windows & macOS
Threat Alert: Fake AI Image Generators Spread Malware
Fake AI image and video generators have recently emerged that infect both Windows and macOS systems. These sites deliver the Lumma Stealer and AMOS information stealers, which steal sensitive information, including login credentials and cryptocurrency wallet data.
Malicious Websites
Cybercriminals have created deceptive websites that resemble an AI tool named EditPro. These sites appear in search results and ads, promoting enticing deepfake videos of public figures, such as President Biden and Trump. Clicking these ads leads users to fake versions of EditProAI.
- The Windows site, editproai[.]pro, delivers malware targeting Windows users.
- The macOS site, editproai[.]org, delivers malware for Mac users.
These websites look legitimate, complete with cookie consent banners. However, clicking the “Get Now” buttons downloads malicious installers instead of the promised application.
Downloading Malware
For Windows, the downloaded file is named “Edit-ProAI-Setup-newest_release.exe”, while for macOS, it is “EditProAi_v.4.36.dmg”. The Windows version is signed with a stolen code signing certificate from a known software company, making it appear trustworthy.
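To check proxy or endpoint logs for the two domains and installer names listed above, a matcher along these lines can be used. It is an added example, not part of the original article; the log format and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as the article gives them (domains are defanged there).
DOMAINS_DEFANGED = ["editproai[.]pro", "editproai[.]org"]
FILENAMES = ["Edit-ProAI-Setup-newest_release.exe", "EditProAi_v.4.36.dmg"]

BAD_DOMAINS = {d.replace("[.]", ".").lower() for d in DOMAINS_DEFANGED}  # refang
BAD_FILES = {f.lower() for f in FILENAMES}
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
PATH_RE = re.compile(r"[^\s\"']+\.(?:exe|dmg)\b", re.I)  # Windows or POSIX path

def host_matches(host):
    """True for a listed domain or a subdomain of it, not for lookalike hosts."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def scan(lines):
    """Return (line_no, kind, value) for every indicator hit in the log lines."""
    hits = []
    for no, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL in the log, skip it
                continue
            if host_matches(host):
                hits.append((no, "domain", host))
        for path in PATH_RE.findall(line):
            name = re.split(r"[\\/]", path)[-1].lower()  # basename, case-folded
            if name in BAD_FILES:
                hits.append((no, "filename", name))
    return hits

# Constructed sample lines in an assumed format (not taken from the article).
# A "signed=valid" field is no reason to skip a file: the article notes the
# Windows installer carries a stolen code signing certificate.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z ws-01 GET https://www.editproai.pro/ 200",
    "2024-01-01T10:00:09Z ws-01 FILE C:\\Users\\a\\Downloads\\EDIT-PROAI-SETUP-NEWEST_RELEASE.EXE signed=valid",
    "2024-01-01T10:02:00Z mac-07 GET https://editproai.org/dl/EditProAi_v.4.36.dmg 200",
    "2024-01-01T10:03:00Z ws-02 GET https://editproai.pro.example.com/ 200",
    "2024-01-01T10:04:00Z ws-02 FILE C:\\Tools\\setup.exe signed=valid",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hosts that merely contain a listed domain as a prefix, such as the fourth sample line, are not flagged; only the domain itself and its subdomains are.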
Data Theft and Consequences
The malware sends stolen information to a remote server controlled by the attackers, facilitating further criminal activities. If you have downloaded this program, you must assume that your credentials are compromised. Immediately change passwords for sensitive accounts, especially for cryptocurrency exchanges and banking sites, using unique and strong passwords. Enable multi-factor authentication wherever possible.
Growing Malware Threat
Information-stealing malware has surged recently. Cybercriminals execute large-scale operations to target users and steal data. Other tactics include exploiting zero-day vulnerabilities and misleading users on platforms like GitHub and StackOverflow.
Stolen credentials can lead to corporate breaches and data theft. Cybercriminals may use this information to corrupt corporate networks or take over accounts, causing widespread chaos.
Stay vigilant. Protect your data and devices from these prevalent threats by using strong security measures.
