Researchers from eSentire have discovered a new phishing campaign targeting users who are searching for AI services such as ChatGPT and Midjourney. The campaign uses Google Search Ads to direct users to fraudulent web pages that imitate the real services. Once a user clicks on a malicious link, they are redirected to a page that downloads a counterfeit Windows application. The application is a malicious installer for an info stealer application. If installed, the malicious tool can steal a wide range of data from a victim’s computer, including passwords, credit card numbers, and other sensitive information, without the user knowing what’s happening. The threat actors behind this campaign are likely using the stolen data to commit fraud or other crimes.
The researchers from eSentire believe that this campaign is still active and that more users could be affected, so be alert and informed.
We recommend that users be aware of the dangers of this campaign and take steps to protect themselves. Some of the steps that users can take include:
- Raise awareness of malware masquerading as legitimate applications by forwarding this blog post to others you care about.
- Only download applications from trusted sources – this includes mobile apps on your cell phone.
- Be suspicious of any links that you receive in emails or on social media, especially those that convey a sense of urgency, such as "click this button now or else something bad will happen."
- Use advanced Endpoint Detection and Response anti-malware software. Traditional anti-virus is not good enough anymore.
- Use a firewall to protect your computer from unauthorized access.
This new campaign is a reminder that threat actors are always looking for new ways to exploit users. It is important to be aware of the dangers of these campaigns and to take steps to protect yourself.