The Price of Curiosity: How Stripping Sites Strip Your Bills

Fin7 uses fake websites for cyberattacks and data theft.

Researchers at Silent Push have uncovered a new fraud scheme linked to the Fin7 cybercriminal group. The attackers have created several websites that allegedly offer services for creating fake nudes using artificial intelligence. In reality, these resources are designed to spread malware that steals user credentials.

Experts have identified seven different sites advertising themselves as services for creating deepfakes or nudes. Most of them use the name "AINude.AI" with slight variations in their domain names. The trap sites are outwardly indistinguishable from legitimate resources offering such services: they have a similar interface design and feature set.

Some of the fake sites even allow you to upload images, giving users the illusion that the service is working. After uploading a photo, the site offers to download a result that supposedly contains a "nude" version of the image. However, instead of the promised content, the user receives the RedLine malware, which is currently considered the most common infostealer.

Once on the victim's computer, RedLine steals information stored in the browser, including login credentials and cryptocurrency wallet details. In this way, attackers gain access to sensitive user information.

According to Zach Edwards, senior threat analyst at Silent Push, the scammers' target audience is predominantly men who are interested in the latest technologies and cryptocurrencies. The attackers expect that potential victims will not contact law enforcement agencies because of the dubious nature of the service they tried to use.

Following a call from 404 Media reporters, Hostinger, which provided domain registration services for most of the fake sites, blocked access to them. However, the threat persists, as one of Fin7's resources has been included in the list of recommended sites on a major content aggregator.

The Fin7 group is known for its professional approach to organizing cybercrime. It uses enterprise software such as Hipchat to interview new recruits and JIRA to track tasks. Previously, Fin7 even created shell companies to hire penetration testing specialists, who later unwittingly participated in criminal operations.

Despite the arrests of several members of the group in 2018 and 2020, Fin7 continues to be active. This year, SentinelOne discovered that a tool developed by Fin7 to circumvent security systems was being advertised in criminal circles and used by various ransomware distribution groups.

Previously, Apple and Google blocked access to sites associated with Fin7 through their browsers. However, the malicious resources found in the latest investigation were available in both Chrome and Safari. Representatives of both companies said they were studying the situation.
