Information-stealing payloads Lumma Stealer, RedLine Stealer, and D3F@ck Loader have been distributed by Russian advanced persistent threat operation FIN7 through a network of spurious deepfake nude generator websites, according to BleepingComputer.
The websites, which operate under the "AI Nude" brand and are promoted through black hat SEO techniques, promise to convert uploaded photos into deepfake nudes but instead display a link; when clicked, it redirects to a second site that provides the password and download link for a password-protected Dropbox-hosted archive containing the infostealer malware, a report from Silent Push revealed. FIN7 also ran concurrent campaigns that used browser extension lures to spread NetSupport RAT, as well as payloads posing as Zoom, Fortinet VPN, PuTTY, and other widely known applications and brands. The development follows earlier reports that FIN7 had sold its endpoint protection software-killing tool to other threat actors, compromised employees of a U.S. automaker, and carried out Cl0p ransomware attacks.