Incident 865: Fake AI 'Nudify' Sites Reportedly Linked to Malware Distribution by Russian Hacker Collective FIN7

Description: The hacker group FIN7 is allegedly behind fake AI "nudify" websites distributing infostealer malware to users, according to an investigation by Silent Push. These sites are reported to lure individuals seeking deepfake AI tools into downloading malware disguised as software to "nudify" photos. The malware steals sensitive data from victims, which is used for extortion or financial fraud. FIN7's activity on this front reportedly marks the revival of a group previously declared defunct by the U.S. Department of Justice.
Editor Notes: FIN7 is also referred to as Carbon Spider, ELBRUS, or Sangria Tempest. See Silent Push's report for more details: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/.

Incident Stats

Incident ID
865
Report Count
5
Incident Date
2024-10-02
Editors
Daniel Atherton
Tracking FIN7 malware honeypots, new AI deepfake lures
virusbulletin.com · 2024

FIN7 (also known as Sangria Tempest) is a financially motivated threat group with links to Russia, that has been operating since at least 2013, and that was previously thought to have been eliminated by the DOJ.

From a single origin point, …

FIN7 hosting honeypot domains with malicious AI Generators – New Silent Push research
silentpush.com · 2024
  • Silent Push research indicates FIN7 threat actors are using a new AI adult-based generator, on at least seven different websites.
  • We observed FIN7 using two versions of the AI deepnude malware honeypots: one that requires a simple download…
Russian Hackers Are Using Fake AI "Nudify" Sites to Steal Data
futurism.com · 2024

Multiple sites masquerading as "nudify" services, which use AI to deepfake clothed photographs into often nonconsensual nudes, have been linked to a notorious Russian hacker collective that was believed to be dead.

As 404 Media reports, Zac…

FIN7 Gang Hides Malware in AI “Deepnude” Sites
infosecurity-magazine.com · 2024

An infamous financially motivated threat group is luring victims to a network of malware-baited sites, promising downloads of deepfake tools, according to a new report from Silent Push.

The security vendor claimed that the Russia-based FIN7…

Breach Roundup: AI 'Nudify' Sites Serve Malware
bankinfosecurity.com · 2024

"Nudify" websites promising fake pornographic content based on a real-life photo may serve up malware alongside the sexual abuse.

Researchers from Silent Push in research published Wednesday observed the Russia-based, financially motivated …

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Bug in Facebook’s Anti-Spam Filter Allegedly Blocked Legitimate Posts about COVID-19

Bug in Facebook’s Anti-Spam Filter Allegedly Blocked Legitimate Posts about COVID-19

· 1 report
Fake LinkedIn Profiles Created Using GAN Photos

Fake LinkedIn Profiles Created Using GAN Photos

· 4 reports
DALL-E Mini Reportedly Reinforced or Exacerbated Societal Biases in Its Outputs as Gender and Racial Stereotypes

DALL-E Mini Reportedly Reinforced or Exacerbated Societal Biases in Its Outputs as Gender and Racial Stereotypes

· 4 reports
Previous IncidentNext Incident