Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites
Over the past year, a threat actor has been banking on the wild popularity of AI tools to lure computer users to fake content creation websites and infect their systems with malware, Mandiant reports.
Mandiant is warning that the ‘UNC6032’ hacking group out of Vietnam is using fake websites masquerading as legitimate AI video generator tools to push information stealers and backdoors to victims across different geographies and industries.
The widespread campaign has been active since at least mid-2024, luring the unsuspecting victims to the fake websites via thousands of ads on social media platforms such as Facebook and LinkedIn, and likely on other platforms as well.
Most of the ads ran on Facebook, being published using either attacker-created Facebook pages or compromised Facebook accounts. Meta started removing some of the malicious ads, domains, and accounts in 2024, before Mandiant notified it of its findings.
Mandiant said it identified over 30 different fake websites posing as popular tools such as Luma AI, Canva Dream Lab, and Kling AI, which have been promoted through a network of more than 120 misleading social media ads that reached millions of users, including over 2.3 million in the European Union.
Promising text-to-video or image-to-video generation capabilities, the fake websites would present the same prompt to any visitor, and then serve a ZIP archive that is offered for download once the fake video creation process is supposedly completed.
According to Mandiant, the infection chain it observed relies heavily on DLL side-loading, process injection, and in-memory droppers, and uses AutoRun registry keys to achieve persistence.
The ZIP archive contains a double-extension executable that delivers the Rust-based Starkveil dropper to the victims’ machines. The dropper then executes the Coilhatch launcher, which deploys the XWorm and Frostrift .NET backdoors, along with the .NET downloader Grimpull.
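A defender-side check for the delivery artifact described above: scanning a downloaded ZIP for members whose name pairs a media-looking extension with an executable one. This is an added example, not code from Mandiant's or Morphisec's reporting; the extension lists and the sample archive contents are constructed assumptions.

```python
import io
import zipfile

# Extensions Windows will run when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".js", ".vbs", ".lnk"}
# Media/document extensions a "generated video" download would plausibly carry (assumed list).
DECOY_EXTS = {".mp4", ".mov", ".avi", ".png", ".jpg", ".gif", ".pdf", ".txt"}


def is_double_extension_executable(name: str) -> bool:
    """True for names like 'video.mp4.exe': a decoy media extension
    directly followed by an executable extension (case-insensitive).
    Whitespace around each extension is stripped so padded names
    such as 'video.mp4      .exe' are still caught."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 3:
        return False
    final_ext = "." + parts[-1]
    decoy_ext = "." + parts[-2]
    return final_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS


def find_double_extension_members(zip_bytes: bytes) -> list[str]:
    """Return archive member names that look like double-extension executables."""
    suspicious = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if is_double_extension_executable(info.filename):
                suspicious.append(info.filename)
    return suspicious


def build_sample_zip() -> bytes:
    """Constructed sample archive for demonstration; not a real campaign artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Generated_Video.mp4.exe", b"MZ placeholder")
        zf.writestr("readme.txt", b"your video is ready")
        zf.writestr("preview.png", b"\x89PNG placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in find_double_extension_members(build_sample_zip()):
        print("double-extension executable:", member)
```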
A separate report from Morphisec notes that the malicious AI output served by the fake websites dropped the Noodlophile Stealer, sometimes bundled with the XWorm backdoor.
Mandiant observed both XWorm and Frostrift collecting system information, including usernames, OS details, hardware identifiers, and anti-virus details. XWorm can also log keystrokes, while Frostrift checks for certain messaging applications, browsers, and browser extensions.
“As AI has gained tremendous momentum recently, our research highlights some of the ways in which threat actors have taken advantage of it. These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad. We advise users to exercise caution when engaging with AI tools and to verify the legitimacy of the website’s domain,” Mandiant added.