Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generators
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A hacking group with alleged ties to Vietnam has been exploiting social media ads promoting AI video generators to distribute malware since mid-2024. The campaign, discovered by Mandiant, uses fake websites mimicking legitimate AI tools to deploy payloads including Python-based infostealers and backdoors. The group, tracked as UNC6032, has reached millions of users through Facebook and LinkedIn ads, primarily targeting EU countries and the US. The malware distributed includes STARKVEIL, XWORM, FROSTRIFT, and GRIMPULL, designed for information theft and capable of downloading additional plugins. The attackers employ a multi-payload mechanism for resilience against detection. Users are advised to exercise caution when engaging with AI tools and verify website legitimacy.
OPENCTI LABELS:
backdoor, infostealer, xworm, vietnam, noodlophile stealer, frostrift, grimpull, social media ads, starkveil, ai video generators