A threat actor has run a sophisticated malvertising campaign impersonating Kling AI, a popular AI-powered image and video synthesis tool. The attackers use counterfeit Facebook pages and paid ads to drive traffic to a convincing fake website, where users are tricked into downloading files disguised as AI-generated media that are actually executable loaders. The loaders employ evasion techniques including .NET Native AOT compilation, which ships a native binary rather than managed IL, and deploy infostealers with extensive monitoring capabilities. The campaign has global reach, with a focus on users in Asia, and exploits the growing popularity of AI content generation platforms. The malware steals credentials and session tokens and monitors crypto-related activity across multiple browsers and applications.
Author: AlienVault
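The lure relies on a file whose name promises generated media but whose bytes are a Windows executable. As an added example (not code from the OTX pulse or the underlying report), the following Python check compares a download's magic bytes with what its name claims, and also catches the double-extension trick (a media extension followed by an executable one). The filenames, the minimal PE header and the sample contents are constructed here for illustration.

```python
"""Flag downloads that claim to be media but carry a Windows executable.

Added example: compares magic bytes against the claimed extension and flags
double extensions. All sample filenames and contents below are constructed.
"""
import struct
from pathlib import PurePosixPath

# Extension -> content type we expect from the magic bytes (example mapping).
MEDIA_EXT = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
             ".mp4": "mp4", ".webp": "webp"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".dll"}


def detect_type(data: bytes) -> str:
    """Identify a file from its leading bytes; 'unknown' when nothing matches."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS header field e_lfanew at 0x3C points at the "PE\0\0" signature.
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-stub"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "mp4"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    return "unknown"


def classify(name: str, data: bytes) -> dict:
    """Compare what the filename claims against what the bytes are.

    Returns the claimed extension, the detected type, a list of reasons and
    a boolean 'suspicious' (True when at least one reason was found).
    """
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    final = suffixes[-1] if suffixes else ""
    detected = detect_type(data)
    reasons = []

    # "clip.mp4.exe": a media extension buried before an executable one.
    if final in EXEC_EXT and any(s in MEDIA_EXT for s in suffixes[:-1]):
        joined = "".join(suffixes)
        reasons.append(f"double extension {joined}: media name, executable suffix")

    if final in MEDIA_EXT:
        expected = MEDIA_EXT[final]
        if detected in ("pe", "mz-stub"):
            reasons.append(f"name claims {expected} but content is a Windows executable")
        elif detected not in (expected, "unknown"):
            reasons.append(f"name claims {expected} but magic bytes say {detected}")

    return {"name": name, "claimed": final, "detected": detected,
            "reasons": reasons, "suspicious": bool(reasons)}


def build_pe_stub() -> bytes:
    """Constructed minimal PE header (MZ, e_lfanew, PE signature); not real malware."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed samples standing in for files in a download directory.
SAMPLES = {
    "Generated_Image.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "Generated_Video.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 8,
    "Generated_Video_2.mp4": build_pe_stub(),        # PE wearing a media name
    "Generated_Image_2.jpg.exe": build_pe_stub(),    # double extension
}


def scan_samples(samples=SAMPLES) -> list:
    """Return the names of samples flagged as suspicious, in input order."""
    return [n for n, d in samples.items() if classify(n, d)["suspicious"]]


if __name__ == "__main__":
    for n, d in SAMPLES.items():
        r = classify(n, d)
        verdict = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{n:28} {r['detected']:8} {verdict} {r['reasons']}")
```

The magic-byte check is deliberately independent of the extension, so a renamed PE is caught even when the name has a single, plausible media suffix; the double-extension rule covers the case where the content check is skipped or the file is only seen by name (for example in a proxy log).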
Related Tags:
T1132.002
PureHVNC
T1583.002
T1074.001
facebook ads
T1583.001
T1204.001
T1132.001
T1056.001
Associated Indicators: