Russian Hackers Are Using Fake AI Sites to Steal Crypto Wallets
Russian hackers from the notorious group FIN7 are deploying a new scam to steal cryptocurrency, according to a report from 404 Media. The group is using fake AI websites, designed to look like deepfake nude image generators, as traps to infect users’ devices with malware.
Malware Disguised as AI Tools
The scam involves fake AI platforms where users believe they can generate nude images or access free trials. However, instead of receiving any images, users unknowingly download malware like RedLine and Lumma Stealer. These malicious programs are designed to steal sensitive data, including login credentials and crypto wallet details.
Zach Edwards, a senior analyst at cybersecurity firm Silent Push, explained that the majority of victims are tech-savvy individuals looking for AI tools.
Deceptive SEO Tactics
The hackers used search engine optimization (SEO) tactics to rank their sites highly in search results. These sites appear professional and legitimate, with working interfaces for uploading images and generating supposed deepfakes. However, users are eventually redirected to non-working Dropbox links, leaving their devices infected with malware.
Silent Push has already identified at least seven of these deceptive sites, including “aiNude.ai,” “easynude.website,” and “nude-ai.pro.” Although these sites have been taken down, experts warn that devices used to access them may already be compromised.
FIN7’s Long History of Cyber Fraud
FIN7 is well known for its history of financial fraud and connections to several ransomware gangs, including DarkSide and BlackMatter. These groups have been responsible for major attacks, such as the $20 million ransom demanded from UnitedHealth. The hackers are notorious for using clever phishing tactics, often disguising themselves as legitimate companies to lure people into downloading malware.
Anyone who has interacted with these fake AI websites should immediately check their devices for potential malware infections and secure their crypto wallets to avoid further financial loss.