A Quick Overview of Malware Disguised as Generative AI Assistants.

Singapore, 2 August 2024 – ESET’s latest research highlights a concerning trend where cybercriminals exploit the names of popular generative AI assistants to spread malware. During the first half of 2024, ESET telemetry identified several instances of this tactic, with two notable cases being the Rilide Stealer, a malicious Chrome browser extension, and an installer posing as an AI desktop app but delivering the Vidar infostealer instead.
Rilide Stealer: The Malicious Browser Extension
One significant threat identified is the Rilide Stealer, a malicious browser extension delivered to users via deceptive advertisements, mainly on Facebook. These ads falsely promise access to generative AI models. While the extension masquerades as Google Translate, it redirects users to legitimate-looking web pages for AI services such as OpenAI’s Sora and Google’s Gemini. ESET security products detect this extension as JS/Extenbro.Agent.EK and JS/Extenbro.Agent.EP; it is an infostealer targeting Facebook credentials, known as Rilide Stealer V4. Since August 2023, ESET telemetry has recorded over 4,000 attempts to install this malicious extension.
Vidar Infostealer: The Fake AI Image Generator Installer
Another significant case is the Vidar infostealer, distributed through Facebook ads, Telegram groups, and dark web forums. This malicious installer claims to provide Midjourney, an AI image generator, but instead installs the Vidar infostealer. If the installer detects the absence of a Java Runtime Environment (JRE) on the system, it displays an error message and opens the official Java download page, as Java is necessary for the installer to run. If JRE is already installed, a splash screen advertising Midjourney is shown.
This installer, identified as Java/TrojanDownloader.Agent.NWR, deploys multiple pieces of malware and AutoIt version 3, which subsequently delivers Vidar. Vidar can log keystrokes, steal credentials stored in browsers, and extract data from cryptocurrency wallets. Notably, Midjourney does not offer a desktop application; its AI model is only accessible as a Discord bot via the official Midjourney Discord server, direct messaging the bot, or adding it to a third-party server. By using the name Midjourney v6, the malware attempts to appear as the latest version of the Midjourney model.
Jiří Kropáč, ESET Director of Threat Detection, stated, “Although the ongoing development of generative AI models has been accompanied by safeguards to prevent their abuse, this has not prevented cybercrooks from pressing the topic of generative AI into cybercriminal service. Since 2023, we have seen predominantly infostealers abusing this theme and expect that trend to continue. Instead of clicking on untrustworthy links promising access to generative AI models, always navigate to the official websites of the provider. And to stay protected against infostealers, make sure to run reputable security solutions on your device.”