Attackers Deliver Redline Stealer via Poisoned AI Tools


AI-based end-user tools are growing in popularity, and that popularity has attracted cybercriminals who use social engineering to lure potential victims. Recently, a malvertising campaign was observed abusing Google Search to push malicious executables disguised as popular AI tools such as ChatGPT and Midjourney.

Abusing Midjourney via poisoned search

Trend Micro researchers have revealed details of an ongoing malvertising campaign impersonating Midjourney, an AI tool that generates images from natural-language prompts.

  • The campaign surfaces SEO-poisoned search results and ads for Midjourney-related keywords that redirect users to attacker-controlled websites and, eventually, to a Redline Stealer download.
  • When a user clicks the ad, the landing page reports the visitor's IP address to a backend server. If the address belongs to a web crawler, or if the visitor reached the URL by typing it directly rather than through the ad, a benign version of the site is shown to evade detection (a cloaking technique).
  • If the visitor arrived through the malicious ad, however, the site serves a malicious executable posing as a desktop version of Midjourney. Midjourney does not ship a desktop application (it is used through Discord and its web interface), so any "desktop installer" is itself a red flag.
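The cloaking logic above is what makes such campaigns hard to catch with a single crawl: a scanner sees the clean site, a victim sees the installer. The following added example (not code from the Trend Micro report or from the campaign) reconstructs a hypothetical cloaking backend that behaves as described, then shows the differential check an analyst would run against it: fetch the same landing page from a crawler-range address, from a direct visit, and from a replayed ad click, and flag the domain when the responses diverge. The crawler IP ranges, the `gclid`/Referer heuristic used to recognise an ad click, the URLs and the file name are all assumptions made for the simulation; the report only states that the IP address is sent to the backend.

```python
"""Differential probing of a cloaked malvertising landing page (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed ranges: one stands in for a search-engine crawler, one for sandbox egress.
CRAWLER_NETS = [
    ipaddress.ip_network("66.249.64.0/19"),   # illustrative crawler range (assumption)
    ipaddress.ip_network("10.0.0.0/8"),       # illustrative sandbox/scanner egress (assumption)
]

BENIGN_PAGE = "<html>Midjourney - AI art community. Join our Discord.</html>"
PAYLOAD_PAGE = ('<html><a href="/dl/Midjourney-Desktop-Setup.exe">'
                "Download Midjourney for Windows</a></html>")   # hypothetical file name


@dataclass
class Visit:
    client_ip: str
    referer: Optional[str]   # HTTP Referer; None for a typed-in URL
    query: str               # raw query string, e.g. "gclid=EAIaIQob"


def cloaked_backend(v: Visit) -> str:
    """Hypothetical server-side decision mirroring the described behaviour:
    crawler IPs and direct visits get the clean site, ad clicks get the payload."""
    ip = ipaddress.ip_address(v.client_ip)
    if any(ip in net for net in CRAWLER_NETS):
        return BENIGN_PAGE
    # How the operator recognises an ad click is not stated in the report; a Google
    # Referer plus a gclid= parameter is assumed here.
    came_from_ad = "gclid=" in v.query and (v.referer or "").startswith("https://www.google.")
    if not came_from_ad:
        return BENIGN_PAGE
    return PAYLOAD_PAGE


def honest_backend(v: Visit) -> str:
    """Control: a site that serves the same content to everyone."""
    return BENIGN_PAGE


def probe_for_cloaking(fetch: Callable[[Visit], str]) -> Dict[str, object]:
    """Fetch the page from three vantage points and diff the bodies.

    The ad_click vantage replays the victim's context (residential IP, Google
    Referer, gclid); crawler and direct are what an automated scanner or a
    manual analyst typing the URL would see. Any divergence is a cloaking signal.
    """
    vantage = {
        "crawler":  Visit("66.249.66.1", None, ""),
        "direct":   Visit("203.0.113.10", None, ""),
        "ad_click": Visit("203.0.113.10", "https://www.google.com/", "gclid=EAIaIQob"),
    }
    bodies = {name: fetch(v) for name, v in vantage.items()}
    return {
        "cloaked": len(set(bodies.values())) > 1,
        "ad_click_has_exe": ".exe" in bodies["ad_click"],
        "bodies": bodies,
    }


if __name__ == "__main__":
    for name, backend in (("cloaked", cloaked_backend), ("honest", honest_backend)):
        result = probe_for_cloaking(backend)
        print(f"{name}: cloaked={result['cloaked']} exe_in_ad_view={result['ad_click_has_exe']}")
```

In practice the three fetches would go over the network from genuinely different egress points; the point of the check is that a single crawl, or a manual visit from the office, is precisely the view the operator has arranged to look clean.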

