The rise of artificial intelligence tools has brought exciting innovations, but it has also given rise to a new wave of cybercrime. Among the latest threats, counterfeit Facebook pages and fraudulent sponsored ads are being used to trick unsuspecting users into downloading malware disguised as Kling AI, an AI-powered platform for generating images and videos. Launched by Kuaishou Technology in June 2024, Kling AI has quickly gained popularity, boasting over 22 million users as of April 2025. Unfortunately, some malicious actors are using the platform’s reputation to distribute malware that grants them remote access to victims’ devices, leading to significant data theft.
The Issue
Counterfeit Facebook pages and sponsored ads have been deployed to lead users to deceptive websites posing as Kling AI platforms, such as klingaimedia[.]com and klingaistudio[.]com. These sites claim to allow users to generate AI-created images and videos directly from their browsers. However, instead of delivering the expected multimedia, they serve a malicious Windows executable file. This file is cleverly disguised with double extensions and Hangul Filler characters to avoid detection.
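The double-extension and Hangul Filler disguise described above can be checked for when triaging downloaded file names. The following is an added example, not code from the original report: the extension lists, the three extra filler code points beyond U+3164, and the sample names are constructed assumptions.

```python
import unicodedata

# U+3164 is HANGUL FILLER, which renders as blank space. The other three
# are related invisible fillers, included here as an assumption for coverage.
HANGUL_FILLERS = {"\u3164", "\u115f", "\u1160", "\uffa0"}
# Illustrative lists (assumptions), not taken from the report.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".mov", ".pdf", ".docx"}


def split_extensions(name):
    """Return lower-cased dot suffixes of a name, e.g. ['.mp4', '.exe']."""
    parts = name.lower().split(".")
    # strip() also defeats plain-space padding between the extensions
    return ["." + p.strip() for p in parts[1:] if p.strip()]


def triage_filename(name):
    """Return a sorted list of findings for one downloaded file name."""
    findings = set()
    if any(c in HANGUL_FILLERS for c in name):
        findings.add("hangul_filler_padding")
    # Drop fillers and invisible format characters (category Cf) before
    # parsing, so padding cannot push the real extension out of view.
    visible = "".join(
        c for c in name
        if c not in HANGUL_FILLERS and unicodedata.category(c) != "Cf"
    )
    exts = split_extensions(visible)
    if exts and exts[-1] in EXECUTABLE_EXTS:
        if any(e in DECOY_EXTS for e in exts[:-1]):
            findings.add("double_extension_executable")
    return sorted(findings)


# Constructed sample names for demonstration only.
SAMPLES = [
    "Generated_Image_2025.jpg" + "\u3164" * 40 + ".exe",
    "kling_clip.mp4.exe",
    "holiday.mp4",
    "setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:30]), "->", triage_filename(sample))
```

A name that trips either finding is worth quarantining for analysis; an ordinary installer such as `setup.exe` produces no findings because it carries no decoy extension or padding.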
Once downloaded, the malware works as a loader for a Remote Access Trojan (RAT) that takes control of the infected system. It also installs a stealer program that can exfiltrate sensitive data such as browser-stored credentials, session tokens, and other private information. The trojan is designed to evade analysis tools by making changes to the Windows Registry and injecting itself into legitimate system processes like “CasPol.exe” and “InstallUtil.exe.”
The malware is part of a sophisticated attack campaign that has been traced back to Vietnam, where threat actors have been using fake social media ads to distribute stealer malware. These groups are capitalizing on the growing popularity of generative AI tools like Kling AI to lure victims. Once infected, the trojan can capture sensitive data from cryptocurrency wallets, making it particularly dangerous for users of Chromium-based browsers. The attack also employs tactics such as capturing screenshots when sensitive websites, like banking or wallet portals, are open, further enhancing the threat.
This attack strategy follows a broader trend of cybercriminals exploiting social media platforms for malicious purposes. According to recent reports, Facebook and Instagram have been rife with scams of all kinds, including fake job ads, romance scams, and counterfeit giveaways. This campaign, using Kling AI’s name, shows just how advanced and targeted social media-based threats have become.
What Undercode Says:
The cyberattack using fake Kling AI platforms is a part of a larger strategy aimed at capitalizing on the booming AI trend. By hijacking the name and credibility of an emerging AI tool, threat actors exploit people’s trust in new technologies to install malware on their systems. The use of social engineering tactics, combined with sophisticated malware like RATs and data stealers, demonstrates how cybercriminals are adapting to modern digital trends.
One of the most alarming aspects of this attack is its subtlety. The fake Facebook pages and sponsored ads appear legitimate, making it easy for users to fall victim without realizing it. The malware’s ability to remain undetected through obfuscation techniques, such as double extensions and registry modifications, shows the increasing sophistication of these attacks. The attack’s reliance on trusted platforms like Facebook adds to its credibility and increases the likelihood of widespread infection.
Another noteworthy point is the targeting of cryptocurrency wallet extensions. As cryptocurrencies become more mainstream, cybercriminals are increasingly focusing on these valuable assets. This makes the theft of sensitive information, particularly from cryptocurrency users, a high priority for hackers.
This operation fits into the broader pattern of social media-based attacks that are becoming more frequent and advanced. The growing trend of using AI-powered tools as bait for malware is a concerning development that will likely continue as AI technologies gain popularity.
Fact Checker Results
Ad and Website Legitimacy: The ads and websites promoting Kling AI are fake, designed to lure users into downloading malicious software.
Origin of Attack: The campaign appears to have been orchestrated by Vietnamese threat actors, who have a history of using social media malvertising techniques.
Data Theft Focus: The malware specifically targets sensitive data, including cryptocurrency wallet credentials, browser-stored credentials, and session tokens.
Prediction
As AI tools continue to rise in popularity, we can expect an increase in similar scams targeting users. Cybercriminals are likely to continue using trusted platforms like Facebook and Instagram to distribute fake ads and lure people into downloading malware. Furthermore, the trend of targeting cryptocurrency users will likely grow, as these digital assets remain an attractive target for cybercriminals. To combat this, social media platforms and users will need to be more vigilant and adopt stricter security measures to avoid falling victim to these increasingly sophisticated attacks.
References:
Reported By: thehackernews.com