Fake Kling AI Malvertisements: A Growing Threat to Online Security

The rise of artificial intelligence (AI) in creative tools has revolutionized the way we produce content, but this also brings a new wave of threats. One of the most alarming recent developments is the emergence of fake Kling AI malvertisements, which exploit unsuspecting users by luring them with promises of AI-generated images and videos. These deceptive ads lead to malicious websites that deploy malware, putting your sensitive data at risk.

the Original

Researchers have discovered a dangerous malvertising campaign that impersonates Kling AI, a popular platform for AI-generated media. Through paid ads and counterfeit Facebook pages, cybercriminals are driving traffic to fraudulent websites designed to mimic the legitimate Kling AI platform. Visitors are promised AI-generated images and videos, but instead of receiving the requested media, they are tricked into downloading a malicious file disguised as an image or video (.mp4 or .jpg extensions). However, the file is actually a Windows executable that, when opened, triggers a malware loader.

This loader uses sophisticated techniques such as .NET Native AOT (Ahead-Of-Time Compilation) to evade detection, and once activated, it deploys infostealers that harvest sensitive data, including browser credentials and session tokens. Researchers noted that the campaign has been ongoing since early 2025, with several websites running similar scams. Some domains have been taken down, but a few are still active, continuing to target victims.

This

What Undercode Says: A Deeper Look into AI-related Malvertisements

The use of AI tools has soared in popularity, with platforms like Kling AI offering users the ability to create images and videos effortlessly. While this opens up vast creative possibilities, it also exposes individuals to new cyber risks, especially when malicious actors capitalize on the AI craze.

The malicious campaign impersonating Kling AI highlights the evolving tactics of cybercriminals. Rather than using traditional phishing methods or simple malware downloads, these threat actors now rely on the allure of innovative technologies like AI to trick users. By creating fake platforms that mimic real ones, they make their scams appear more legitimate and enticing.

The fact that these fake websites are using Facebook ads and other paid promotional channels underscores how sophisticated these cybercriminals are becoming. Their use of targeted advertising allows them to reach a large, unsuspecting audience. This method of distribution is not just limited to Kling AI, either. It’s part of a broader trend where malware is disguised as AI-driven tools, taking advantage of users’ curiosity and trust in emerging technologies.

What makes this campaign particularly dangerous is its ability to evade detection. The use of double extensions and Hangul Filler characters is a clever tactic that prevents standard malware scanners from recognizing the malicious files. Furthermore, the .NET Native AOT Compilation adds another layer of complexity, making it harder for traditional security tools to analyze the threat.
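A triage check for the file-name disguise described above, as an added example that is not code from the researchers or from the original report. It flags a media extension followed by an executable one, Hangul Filler padding in the name, and Windows executable content (the "MZ" header) behind a media-looking name. The extension lists, the extra filler code points and the sample names are assumptions constructed for illustration.

```python
import os

# U+3164 HANGUL FILLER is the character the article names; the other three
# Hangul filler code points are included here as an assumption.
FILLERS = {"\u3164", "\u115f", "\u1160", "\uffa0"}
MEDIA_EXTS = {".mp4", ".jpg", ".jpeg", ".png", ".mov"}   # assumed lure types
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}             # assumed executable types

def extensions(name):
    """Extensions in order, lower-cased, after dropping fillers and spaces."""
    cleaned = "".join(c for c in name if c not in FILLERS)
    return ["." + p.strip().lower() for p in cleaned.split(".")[1:] if p.strip()]

def inspect(name, head):
    """Findings for one file name and the first bytes of its content."""
    exts = extensions(name)
    findings = set()
    if any(c in FILLERS for c in name):
        findings.add("invisible-filler")
    if len(exts) >= 2 and exts[-1] in EXEC_EXTS and MEDIA_EXTS & set(exts[:-1]):
        findings.add("double-extension")
    # Windows PE files start with the DOS header magic "MZ".
    if head[:2] == b"MZ" and MEDIA_EXTS & set(exts):
        findings.add("pe-as-media")
    return sorted(findings)

def scan_dir(path):
    """Map file name -> findings for every flagged regular file in a folder."""
    report = {}
    for entry in os.scandir(path):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                hits = inspect(entry.name, fh.read(2))
            if hits:
                report[entry.name] = hits
    return report

# Constructed samples (not taken from the campaign).
SAMPLES = [
    ("kling_video.mp4" + "\u3164" * 30 + ".exe", b"MZ\x90\x00"),
    ("clip.mp4", b"MZ\x90\x00"),
    ("photo.jpg", b"\xff\xd8\xff\xe0"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name[:24]), inspect(name, head))
```

Pointing scan_dir at a downloads folder lists only the files that trip at least one check; an ordinary installer such as setup.exe is not flagged because nothing in its name claims to be media.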

Once the malware is installed, it doesn’t just stop at stealing credentials. The infostealers can exfiltrate a wide range of sensitive data, potentially leading to identity theft, financial losses, or unauthorized access to personal accounts. These types of attacks can have long-lasting consequences, especially for individuals who store sensitive information in their browsers or rely on auto-fill functions for passwords.

While researchers have been tracking these malicious campaigns since early 2025, the persistence of the threat is concerning. Even though some domains have been taken down, others continue to operate, indicating that the cybercriminals behind these campaigns are adaptable and resilient. It’s likely that these scams will only grow more sophisticated as AI technology continues to evolve, making it crucial for users to stay vigilant and informed.

Fact Checker Results

Legitimate AI platforms are increasingly becoming targets for impersonation. Malvertising campaigns like these exploit user trust in AI technologies.
Double extensions and Hangul Filler characters are used to disguise malicious files, making them difficult to detect by traditional security software.
Infostealers are a major threat, as they can capture sensitive data from browsers, leading to potential identity theft and unauthorized access.

Prediction: How AI-Driven Scams Will Evolve

As AI continues to advance, so too will the sophistication of scams targeting users. We can expect to see more malicious actors using AI-generated content to lure victims, with increasingly refined methods to evade detection. These attacks may become even more personalized, as cybercriminals leverage AI tools to create more convincing fake platforms and media. In response, cybersecurity companies will likely develop more advanced tools to detect and block these kinds of threats, but users will need to stay proactive by being cautious about the AI services they engage with and ensuring they are legitimate.

References:

Reported By: www.darkreading.com