Security News > 2023 > May > Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware
2023-05-19 06:53

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware.

BATLOADER is a loader malware that's propagated via drive-by downloads where users searching for certain keywords on search engines are displayed bogus ads that, when clicked, redirect them to rogue landing pages hosting malware.

The installer file, per eSentire, is rigged with an executable file and a PowerShell script that downloads and loads RedLine Stealer from a remote server.

The adversary's use of ChatGPT and Midjourney-themed lures to serve malicious ads and ultimately drop the RedLine Stealer malware was also highlighted last week by Trend Micro.

This is not the first time the operators behind BATLOADER have capitalized on the AI craze to distribute malware.

The cybersecurity company further pointed out the abuse of Google Search ads has fallen off from their early 2023 peak, suggesting that the tech giant is taking active steps to curtail its exploitation.


News URL

https://thehackernews.com/2023/05/searching-for-ai-tools-watch-out-for.html