Fake AI Video Generators Stole Data From Windows, macOS

by CybrGPT

Security researchers have uncovered a new cybercrime campaign that uses fraudulent websites to distribute two information stealers, Lumma Stealer and AMOS, to Windows and macOS devices, respectively (via BleepingComputer).

These malicious programs aim to steal cryptocurrency wallets as well as cookies, credentials, saved passwords, credit card details, and browsing histories from popular browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox.

The stolen data is compiled into an archive and transmitted to the attackers, who may exploit it for additional cyberattacks or sell it on underground marketplaces.

According to cybersecurity expert g0njxa, the attackers promote fake websites impersonating an AI (artificial intelligence) video and image editor called EditPro through search engine results and advertisements on X (formerly Twitter).

Some of these ads feature deepfake political videos, such as President Biden and Trump enjoying ice cream together, to draw attention.

How The Campaign Works

Clicking the ads leads to one of two websites, editproai[.]pro and editproai[.]org, built for the fake EditProAI application and created to push the Windows and macOS malware, respectively.

These sites are designed to appear credible, featuring professional layouts and ubiquitous cookie banners.

However, clicking the “Get Now” links downloads malware-laden files that pose as the EditProAI application.

Windows file: “Edit-ProAI-Setup-newest_release.exe”  [VirusTotal]

macOS file: “EditProAi_v.4.36.dmg” [VirusTotal]

The Windows malware is reportedly digitally signed using a stolen code-signing certificate from Softwareok.com, a legitimate freeware developer. Once downloaded, the malware transmits stolen data to a server located at “proai[.]club/panelgood/,” where attackers can retrieve it later, g0njxa says.

A report from AnyRun, a sandbox malware analysis service, confirmed that the Windows variant is Lumma Stealer. 
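As an added example, not part of the original article, the following Python checker scans proxy-log lines for the indicators named above: the two lure domains, the exfiltration path on proai[.]club, and the two installer file names. The indicator values come from the article; the log format and the sample lines are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Indicators as quoted in the article (kept defanged here, refanged before matching).
DEFANGED_DOMAINS = ["editproai[.]pro", "editproai[.]org", "proai[.]club"]
EXFIL_PATH_PREFIX = "/panelgood/"  # exfiltration endpoint reported on proai[.]club
LURE_FILENAMES = ["Edit-ProAI-Setup-newest_release.exe", "EditProAi_v.4.36.dmg"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'proai[.]club' back into 'proai.club'."""
    return indicator.replace("[.]", ".")


DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

# Constructed proxy-log layout: timestamp, client IP, HTTP method, full URL.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def classify(line: str):
    """Return (severity, reason) for one log line, or None when nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("url"))
    host = (url.hostname or "").lower()
    if any(url.path.endswith(name) for name in LURE_FILENAMES):
        return ("high", f"download of known lure installer from {host}")
    if host == "proai.club" and url.path.startswith(EXFIL_PATH_PREFIX):
        return ("high", f"possible stealer exfiltration from {m.group('client')}")
    if host in DOMAINS:
        return ("medium", f"contact with EditProAI lure domain {host}")
    return None


def scan(lines):
    """Return [(line, severity, reason)] for every line that matches an indicator."""
    return [(line, *hit) for line in lines if (hit := classify(line))]


# Constructed sample log: one infected host plus one benign request.
SAMPLE_LOG = [
    "2024-11-20T10:01:02Z 10.0.0.12 GET https://editproai.pro/",
    "2024-11-20T10:01:09Z 10.0.0.12 GET https://editproai.pro/Edit-ProAI-Setup-newest_release.exe",
    "2024-11-20T10:03:44Z 10.0.0.12 POST https://proai.club/panelgood/",
    "2024-11-20T10:04:00Z 10.0.0.33 GET https://example.com/index.html",
]

if __name__ == "__main__":
    for line, severity, reason in scan(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {line}")
```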

Potential Impact On Users

Users who have installed these malicious tools in the past are at significant risk of compromise and are advised to reset their passwords immediately, using a unique password for every site they visit.

It is recommended that users enable multi-factor authentication for sensitive accounts, such as email services, online banking, and cryptocurrency platforms.

Additionally, one should be vigilant when downloading software, especially from unfamiliar sources, to avoid falling victim to these evolving threats.

