Russian hackers are using a network of AI-based ‘nudify’ sites to deliver malware capable of stealing crypto wallet login details.
As reported by 404 Media, cybersecurity researchers Silent Push discovered that Russian ransomware group Fin7 has created at least seven different AI-generated deepfake sites that create non-consensual nude images.
The sites steal crypto credentials and other sensitive data using the ‘RedLine’ and ‘Lumma’ infostealer malware. Users are infected after downloading the supposed nudify software through a Dropbox link, or by applying for a free trial, which likewise prompts them to download the malicious software.
According to Zach Edwards, a senior threat analyst for Silent Push, the nudify pivot targets “men with a decent amount who use other AI software or have crypto accounts.”
“There’s a specific type of audience who wants to be on the bleeding edge of creepy (while ignoring new laws around deepfakes), and who are proactively searching out deepfake AI nude software,” Edwards told 404 Media.
Russian hackers are in the spotlight this week after the US took enforcement action against the crypto exchanges Cryptex and PM2BTC, and against a suspected money launderer serving ransomware operators and a number of other criminal enterprises.
On Wednesday, Russia announced that it arrested almost 100 people suspected of laundering on behalf of cybercriminals and hackers.