AI Tools Utilized Once More – Redline Stealer Returns
AI chatbots have seen explosive popularity over the past few months. Be it Bing Chat, Google Bard, or ChatGPT, these tools made it a lot easier for users to optimize their work processes. However, popularity comes with a price – fake versions designed by cybercriminals to infiltrate systems and deploy Redline.
When it comes to popularity, ChatGPT has harnessed a whole lot of that ever since its inception in late 2022. In fact, the chatbot has been impersonated several times by threat actors, mainly through malvertising campaigns.
This time around, the Ai service is once again in the spotlight, as fake ads are looming on the internet, delivery none other than the Redline stealer among victims. What is this campaign all about? We’ll explain everything in the following article.
Download for Windows: The Cliche Scheme Back at It
Every time a user wants to download some sort of content from the internet, they should always remain vigilant and cautious. They never know what they’re installing on their devices.
ChatGPT saw a huge spike in popularity in the past few months, and we clearly understand why. The tool saw an overload in requests, which forced OpenAI to create a waiting list.
ChatGPT made everything convenient, but users will always want more. We all can agree that having a dedicated client will make everything easier.
But ChatGPT can only be accessed through web browsers. Well, that didn’t stop the individuals behind Redline as they created fake websites, promising a ChatGPT Windows app.
The campaign doesn’t end with ChatGPT. Other platforms, such as Midjourney – an AI tool that generates images from natural language descriptions – have also been masqueraded as using malvertising.
It all starts with a Google search. The results will show malicious ads when a user searches for the keyword “midjourney.”
Topping the search results will directly trick anyone into clicking the provided link. Once that is done, the user’s IP address is sent to a backend server.
Next, the link will take him/her to a malicious webpage where a download button is waiting there to be clicked on. (Source: TrendMicro)
Once the victims click on the downloaded file, a fake installation window will pop up, giving the illusion that everything is normal.
However, in the background, the malicious PowerShell download process continues to run on the device. And that’s when the Redline stealer takes root and initiates the exfiltration process.
This includes sensitive information such as cryptocurrency wallet data, browser cookies, passwords, and file information.
There is NO APPLICATION!!!
Such campaigns won’t stop, but you can avoid the damage. Asking users to download a client should already be a red flag by itself.
Both ChatGPT and MidJourney have no clients. Not for Mac, not iOS, not Android, and most definitely not Windows.
Please make sure you don’t fall for these schemes. We know an app can be convenient, but don’t trust sources that aren’t official companies. If an app is on its way, ChatGPT and MidJourney would inform their users. Stay Safe.