Don’t click on that Facebook ad for a text-to-AI-video tool • The Register

By Advanced AI Bot, May 14, 2025


A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive info, according to Mandiant.

The Google-owned threat hunters identified thousands of malicious ads on Facebook and about 10 on LinkedIn since November 2024. These ads directed viewers to more than 30 phony websites masquerading as legitimate AI video generator tools, including Luma AI, Canva Dream Lab, and Kling AI, falsely promising text- and image-to-video generation.

If a user visits the fake website and clicks on the “Start Free Now” button, they’re led through a bogus video-generation interface that mimics a real AI tool. After selecting an option and watching a fake loading bar, the site delivers a ZIP file containing malware that, once executed, backdoors the victim’s device, logs keystrokes, and scans for password managers and digital wallets.

UNC6032, assessed by Mandiant and Google Threat Intelligence as having ties to Vietnam, has found success with this campaign. The malicious ads have reached more than two million users across Facebook and LinkedIn, though the report authors caution that reach doesn’t necessarily equate to the number of victims.

Mandiant used both companies’ Ad Library tools, designed to comply with the European Union’s Digital Services Act (DSA), to identify the fake websites and the malicious ads’ reach. 

“Mandiant Threat Defense performed further analysis of a sample of over 120 malicious ads and, from the EU transparency section of the ads, their total reach for EU countries was over 2.3 million users,” according to threat analysts Diana Ion, Rommel Joven, and Yash Gupta, although they note that “reach does not equate to the number of victims.” 

The 10 LinkedIn ads had a total impression estimate of 50,000 to 250,000, with the US accounting for the highest percentage of impressions.

While we don’t know how many victims the scum successfully tricked into downloading the malware, Mandiant says it “observed UNC6032 compromises culminating in the exfiltration of login credentials, cookies, credit card data, and Facebook information through the Telegram API.”

Facebook ads were published on both attacker-created pages and compromised accounts, with UNC6032 “constantly” rotating the domains mentioned in the ads to avoid detection and account bans, while new ads are “created on a daily basis.”


A Meta spokesperson said the social media company doesn’t know how many victims the campaign may have affected.

“Meta removed the malicious ads, blocked the URLs, and took down accounts behind them — many before they were shared with us,” the spokesperson told The Register. “Cyber criminals constantly evolve their tactics to evade detection and target many platforms at once, and that’s why we collaborate with industry peers like Google to strengthen our collective defenses to protect our users.”

Mandiant, in its report, does give Meta kudos for its “collaborative and proactive threat hunting efforts in removing the identified malicious ads, domains, and accounts,” and adds that a “significant portion” of these detections and removals began last year, prior to Mandiant alerting Meta about its investigation. 

The Register also reached out to LinkedIn for comment, and will update this story when we hear back.

Instead of AI videos, these sites serve up malware

All of the websites investigated served up the same payload: STARKVEIL, a malware dropper that deploys three different modular malware families designed for information theft, all capable of downloading plugins. 

The Mandiant team provides a deep dive into one particular attack that started with a Facebook ad for “Luma Dream AI Machine,” mimicking a text-to-video AI tool called Luma AI, but instead redirecting the user to an attacker-created website hosted at hxxps://lumalabsai[.]in/.

After visitors to the phony website click the download button, they receive a ZIP archive containing a Rust-based malware dropper named STARKVEIL. When executed, it extracts its payloads and displays a fake error message to coax the user into running it a second time, completing the infection chain.

In reality, however, “for a successful compromise, the executable needs to run twice,” we’re told. It drops its components during the first execution, and then runs a launcher during the second execution.

One of the dropped malware families is GRIMPULL, a .NET-based downloader with anti-VM and anti-malware analysis capabilities, which uses Tor for C2 server connections.

Another is XWORM, also .NET-based, a backdoor with capabilities including keylogging, command execution, screen capture, and spreading to USB drives.

The third is FROSTRIFT, a .NET backdoor loaded via DLL sideloading into a legitimate Windows process. This malware attempts to establish persistence on the compromised machine, and checks for the existence of 48 browser extensions related to password managers, authenticators, and digital wallets. All 48 are listed in the report.
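Two behaviours described above lend themselves to a defensive hunt: the downloaded executable being launched twice by the user, and data leaving through the Telegram API. The Python below is an added example, not code from Mandiant or The Register; the event schema, host names, file names, and the allow-list are constructed assumptions, and `api.telegram.org` is Telegram's public Bot API host.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry in a hypothetical, simplified schema.
EVENTS = [
    {"ts": "2025-05-14T10:00:05", "host": "ws-01", "type": "proc",
     "image": r"C:\Users\ana\Downloads\clip\sample_dropper.exe"},
    {"ts": "2025-05-14T10:01:40", "host": "ws-01", "type": "proc",
     "image": r"C:\Users\ana\Downloads\clip\sample_dropper.exe"},
    {"ts": "2025-05-14T10:03:10", "host": "ws-01", "type": "net",
     "image": r"C:\Windows\System32\legit_host_placeholder.exe",
     "dest": "api.telegram.org"},
    {"ts": "2025-05-14T11:00:00", "host": "ws-02", "type": "net",
     "image": r"C:\Tools\ops_alert_bot.exe", "dest": "api.telegram.org"},
    {"ts": "2025-05-14T09:00:00", "host": "ws-03", "type": "proc",
     "image": r"C:\Users\cy\Downloads\setup.exe"},
]
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")
ALLOWED_CALLERS = {"ops_alert_bot.exe"}  # hypothetical sanctioned bot integration

def _base(path):
    return path.lower().rsplit("\\", 1)[-1]

def repeated_launches(events, window=timedelta(minutes=10)):
    """(host, image) pairs started twice within `window` from a user-writable path."""
    starts = defaultdict(list)
    for e in events:
        if e["type"] == "proc" and any(p in e["image"].lower() for p in USER_WRITABLE):
            starts[(e["host"], e["image"])].append(datetime.fromisoformat(e["ts"]))
    hits = set()
    for key, times in starts.items():
        times.sort()
        if any(b - a <= window for a, b in zip(times, times[1:])):
            hits.add(key)
    return hits

def telegram_api_callers(events, allowed=ALLOWED_CALLERS):
    """(host, image) pairs contacting the Telegram Bot API outside the allow-list."""
    return {(e["host"], e["image"]) for e in events
            if e["type"] == "net" and e["dest"].lower() == "api.telegram.org"
            and _base(e["image"]) not in allowed}

def hunt(events):
    """Hosts where both signals fire; host-level correlation only, no ordering check."""
    relaunched = {host for host, _ in repeated_launches(events)}
    return sorted({host for host, _ in telegram_api_callers(events) if host in relaunched})

if __name__ == "__main__":
    print(hunt(EVENTS))
```

Either signal alone is noisy (installers are often re-run, and sanctioned bots use the same API), which is why the hunt reports only hosts where both appear.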

“Although our investigation was limited in scope, we discovered that well-crafted fake ‘AI websites’ pose a significant threat to both organizations and individual users,” the Mandiant trio wrote. “These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad.” ®


