The notorious FIN7 group is using artificial intelligence (AI) and social engineering in a new campaign. The group has created at least seven websites that advertise a “DeepNude Generator.” This tool promises to use deepfake technology to transform any photo into a nude image of the person pictured. People can either download the generator or sign up for a “free trial.” Instead of receiving the tool, they end up downloading malicious payloads such as the stealers Lumma and Redline.
These can be used to deliver further malware such as ransomware. Given the provocative lure, organizations are vulnerable to the campaign. It may entice unsuspecting employees to download malicious files.
“These files may directly compromise credentials via infostealers or be used for follow-on campaigns that deploy ransomware,” according to Silent Push researchers. FIN7 also continues to promote an existing malvertising campaign. It targets corporate users with lures to content by popular brands to spread the .MSIX malware.
The researchers identified a number of active IPs and “active new websites” hosting the ploy. It asks people to download a fake “required browser extension,” which is actually a malicious payload, to view content.
Fin7 exploits AI with malvertising
The DeepNude Generator campaign shows sophisticated thought and planning by FIN7. The group developed at least seven dedicated website URLs to make it appear convincing. There is also evidence that FIN7 is using search engine optimization (SEO).
This keeps users engaged and ranks their honeypots higher in search results. The group created two website versions for promoting the deepfake tool. The first involves a “free download,” and the second offers a “free trial.” Each has a different attack flow.
The campaigns show that FIN7 remains an imminent threat. It also shows the group’s tenacity to evolve with modern technology and psychological tactics. This creates more sophisticated ways to spread malware.
To help combat threats from FIN7 and other cybercriminal groups, developing indicators of attack based on the group’s tactics, techniques, and procedures (TTPs) is one method. Training employees to be aware of these social engineering tactics and blocking the download of unknown files from the Internet onto corporate machines can also help avoid compromise.
