
Fake AI Video Generators Used To Spread Malware

Cybercriminals are using fake AI image and video generator websites to steal login information and browsing history from Windows and macOS users. The sites deliver information-stealing malware, Lumma Stealer on Windows and AMOS on macOS, which exfiltrates sensitive data from the infected machine.

While Lumma Stealer targets Windows devices, AMOS focuses on macOS. Despite their platform-specific designs, both malware types can compromise cryptocurrency wallets, cookies, passwords, credit card information, and browsing histories from browsers like Google Chrome, Microsoft Edge, Mozilla Firefox, and other Chromium-based platforms.

Lumma Stealer Malware Hidden in Fake AI Editor

A well-crafted social media campaign by threat actors lured unsuspecting users into downloading fake editing software posing as “EditPro”, an AI-based video and image editing tool. Cybercriminals created counterfeit websites resembling EditPro’s official platform to distribute Lumma Stealer malware.

Active since 2022, this insidious malware employs advanced tactics, including process injection and encrypted communication with remote command servers, making it exceptionally difficult for standard cybersecurity defences to detect.

Cybersecurity researcher g0njxa publicly revealed this attack by exposing editproai[dot]pro, a malicious website created to spread the Lumma Stealer malware.

Cybercriminals have created a convincing front by luring users with an AI video and picture manipulation tool that appears authentic. By taking advantage of users’ interest in innovative productivity tools, these threat actors build a trap that looks legitimate but delivers malware. Given its increasing complexity and ability to infiltrate systems covertly, Lumma Stealer poses a serious threat.

Advertisements on social media platforms like X included deepfake videos of Presidents Trump and Biden sharing ice cream. These ads, targeting both Windows and macOS users, tricked individuals into installing malware. Unknowingly, victims compromised their systems’ security by downloading AMOS or Lumma Stealer.

Fake EditPro Advertisement: A Deepfake Trap for Malware Distribution (BleepingComputer)

These fake websites, including editproai[dot]pro and editproai[dot]org, appeared professional, complete with cookie banners to project legitimacy. However, clicking the “Get Now” button installs malware masquerading as the EditProAI program. The file name for Windows is “Edit-ProAI-Setup-newest_release.exe”, whereas for macOS it is “EditProAi_v.4.36.dmg”.
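The domains and dropper file names above are the indicators a defender can act on immediately. The following Python script is an added example (not code from the article or from BleepingComputer) that refangs the defanged domains as published and sweeps constructed proxy and endpoint log lines for hits on either the hosts or the file names. The log format, host names and IP addresses in the sample are assumptions for the demonstration.

```python
import re
from dataclasses import dataclass

# Indicators as published in the article (domains defanged with [dot]).
DEFANGED_DOMAINS = ["editproai[dot]pro", "editproai[dot]org"]
DROPPER_FILENAMES = ["Edit-ProAI-Setup-newest_release.exe", "EditProAi_v.4.36.dmg"]

# Constructed sample log lines (proxy and endpoint events); hosts, IPs and
# paths are invented for this example and are not from the article.
SAMPLE_LOGS = [
    "2024-11-20T10:01:02Z proxy allow 10.0.0.12 GET https://www.example.com/ 200",
    "2024-11-20T10:02:17Z proxy allow 10.0.0.12 GET https://editproai.pro/ 200",
    "2024-11-20T10:02:40Z proxy allow 10.0.0.12 GET https://editproai.pro/download/Edit-ProAI-Setup-newest_release.exe 200",
    "2024-11-20T10:03:05Z edr file_create host=WS-07 path=C:\\Users\\jdoe\\Downloads\\Edit-ProAI-Setup-newest_release.exe",
    "2024-11-20T10:05:11Z proxy allow 10.0.0.33 GET https://cdn.editproai.org/EditProAi_v.4.36.dmg 200",
    "2024-11-20T10:06:00Z proxy allow 10.0.0.33 GET https://editproaiforum.example/ 200",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('editproai[dot]pro', 'hxxps://...') back into a matchable form."""
    out = indicator.replace("[dot]", ".").replace("[.]", ".")
    out = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), out)
    return out.lower()


@dataclass
class Hit:
    line_no: int
    indicator: str
    kind: str  # "domain" or "filename"
    line: str


def scan_lines(lines):
    """Return one Hit per (line, indicator) pair that matches a known domain or dropper name."""
    hits = []
    domains = [refang(d) for d in DEFANGED_DOMAINS]
    for line_no, line in enumerate(lines, 1):
        low = line.lower()
        for domain in domains:
            # Match the domain or any subdomain of it, but not a longer name that
            # merely contains it (e.g. "editproaiforum.example" must not match).
            pattern = r"(?<![a-z0-9-])" + re.escape(domain) + r"(?![a-z0-9-])"
            if re.search(pattern, low):
                hits.append(Hit(line_no, domain, "domain", line))
        for name in DROPPER_FILENAMES:
            if name.lower() in low:
                hits.append(Hit(line_no, name, "filename", line))
    return hits


def summarize(hits):
    """Count hits per indicator so an analyst can see which IoC fired and how often."""
    counts = {}
    for hit in hits:
        counts[hit.indicator] = counts.get(hit.indicator, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} match on {hit.indicator}: {hit.line}")
    print(summarize(scan_lines(SAMPLE_LOGS)))
```

The domain pattern uses look-around so that `cdn.editproai.org` matches while the invented look-alike `editproaiforum.example` does not; a plain substring check would flag the latter. Matching on the dropper file name catches the endpoint `file_create` event even when the download went through a channel the proxy did not log.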

Fake EditProAI site (BleepingComputer)

Downloading fraudulent software like “EditPro” can give attackers access to your bank information, personal information, and passwords. If this occurs, start by using reputable antivirus software to remove the malware from your system, making sure that no traces remain.

Change all your passwords as soon as your system is clean, paying particular attention to important accounts like email, bank accounts, and cryptocurrency wallets. To add an extra layer of protection, activate two-factor authentication (2FA) whenever possible.

Employees should receive training from their organisations to identify phishing attempts, fraudulent downloads, and other online threats. With proper training and attention to detail, businesses can minimise risks and safeguard sensitive data.

Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
