Text-to-malware: how cybercriminals weaponize fake AI-themed websites

Intel Name: Text-to-malware: how cybercriminals weaponize fake AI-themed websites

Date of Scan: May 29, 2025

Impact: Medium

Summary:
Since mid-2024, the cyber threat group UNC6032 has exploited public interest in AI tools by creating fake websites that mimic popular AI video generators like Luma AI and Canva Dream Lab. These fraudulent sites are promoted through deceptive ads on platforms such as Facebook and LinkedIn, distributing malware including Python-based infostealers and backdoors. The campaign has led to the theft of login credentials, cookies, credit card data, and social media information via the Telegram API. The attackers are believed to have ties to Vietnam and continue to evolve their tactics across multiple platforms to evade detection.
