Malicious Google Search advertisements are being used in a BATLOADER campaign to direct users to dubious websites offering generative AI services such as OpenAI ChatGPT and Midjourney. These advertisements, flagged by eSentire, exploit the popularity of AI services that lack first-party standalone applications: the threat actors steer people looking for an AI app to imposter web pages that promote fake apps.
BATLOADER, a loader malware, spreads through drive-by downloads. Users searching for specific keywords on search engines encounter the fraudulent ads, and clicking on them redirects to rogue landing pages hosting malware. The installer served from these pages contains an executable and a PowerShell script that downloads RedLine Stealer from a remote server and loads it. After installation, the binary uses Microsoft Edge WebView2 to open the legitimate ChatGPT and Midjourney URLs in a pop-up window, so the victim sees the expected service and suspicion is avoided.
This isn't the first time BATLOADER's operators have exploited the AI trend to distribute malware. In March 2023, eSentire reported similar attacks using ChatGPT lures to deploy Vidar Stealer and Ursnif. The use of Google Search ads for this purpose has decreased since early 2023, indicating that measures have been taken to minimize their exploitation.
These developments are part of a broader wave of phishing and scam campaigns capitalizing on the increasing use of AI tools. Threat actors distribute malware and fake apps through these campaigns. In related research, Sophos identified ChatGPT-related fleeceware apps in the Google Play and Apple App Store, which manipulate users into signing up for unwanted subscriptions.
In recent weeks, both Meta and Palo Alto Networks Unit 42 have warned of rising fraudulent activity that mimics the ChatGPT service. These scams aim to harvest users' credit card details, perpetrate credit card fraud, and create chatbot browser extensions that steal victims' Facebook account information. Unit 42 observed a 910% surge in monthly registrations for domains related to ChatGPT between November 2022 and early April 2023. These findings follow Securonix's discovery of the OCX#HARVESTER phishing campaign targeting the cryptocurrency sector from December 2022 to March 2023, which used More_eggs, a JavaScript downloader that loads additional payloads.
In January, eSentire traced one of the key operators of the malware-as-a-service (MaaS) to an individual in Montreal, Canada. A second threat actor associated with the group has been identified as a Romanian national known as Jack.