A threat actor known as UNC6032 from Vietnam has been exploiting the popularity of AI tools to infect users through fake websites mimicking legitimate AI platforms. This campaign has involved widespread social media advertising and distribution of malware including XWorm, Frostrift backdoors, and the Noodlophile Stealer.
Key points
- UNC6032 is using fake AI content creation websites to spread malware globally.
- The campaign relies on social media ads on platforms like Facebook and LinkedIn to lure victims.
- Malware delivery involves DLL side-loading, process injection, and in-memory droppers.
- The ZIP archives contain executables that deploy multiple backdoors and stealers such as XWorm and Noodlophile.
- Users are advised to verify website legitimacy and exercise caution when engaging with AI tools online.
Read More: https://www.securityweek.com/vietnamese-hackers-distribute-malware-via-fake-ai-themed-websites/