Incident 865: Fake AI 'Nudify' Sites Reportedly Linked to Malware Distribution by Russian Hacker Collective FIN7

Description: The hacker group FIN7 is allegedly behind fake AI "nudify" websites distributing infostealer malware to users, according to an investigation by Silent Push. These sites are reported to lure individuals seeking deepfake AI tools into downloading malware disguised as software to "nudify" photos. The malware steals sensitive data from victims, which is used for extortion or financial fraud. FIN7's activity on this front reportedly marks the revival of a group previously declared defunct by the U.S. Department of Justice.
Editor Notes: FIN7 is also referred to as Carbon Spider, ELBRUS, or Sangria Tempest. See Silent Push's report for more details: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/.

Entities

Alleged: FIN7, Carbon Spider, ELBRUS, Sangria Tempest, Infostealer malware delivery system, Fake AI-powered nudify tools, Lumma Stealer, Redline Stealer, D3F@ck Loader and NetSupport RAT (Remote Access Trojan) developed and deployed an AI system, which harmed Users of fake nudify sites.
Alleged implicated AI systems: Infostealer malware delivery system, Fake AI-powered nudify tools, Lumma Stealer, Redline Stealer, D3F@ck Loader and NetSupport RAT (Remote Access Trojan)

Incident Stats

Incident ID: 865
Report Count: 5
Incident Date: 2024-10-02
Editors: Daniel Atherton
Applied Taxonomies: MIT

MIT Taxonomy Classifications (Machine-Classified)

Risk Subdomain: 4.3. Fraud, scams, and targeted manipulation
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI.

Risk Domain: 4. Malicious Actors & Misuse
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.

Entity: Human
Which, if any, entity is presented as the main cause of the risk.

Timing: Post-deployment
The stage in the AI lifecycle at which the risk is presented as occurring.

Intent: Intentional
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal.

Incident Reports

Tracking FIN7 malware honeypots, new AI deepfake lures
virusbulletin.com · 2024

FIN7 (also known as Sangria Tempest) is a financially motivated threat group with links to Russia, that has been operating since at least 2013, and that was previously thought to have been eliminated by the DOJ.

From a single origin point, …

FIN7 hosting honeypot domains with malicious AI Generators – New Silent Push research
silentpush.com · 2024

  • Silent Push research indicates FIN7 threat actors are using a new AI adult-based generator, on at least seven different websites.
  • We observed FIN7 using two versions of the AI deepnude malware honeypots: one that requires a simple download…

Russian Hackers Are Using Fake AI "Nudify" Sites to Steal Data
futurism.com · 2024

Multiple sites masquerading as "nudify" services, which use AI to deepfake clothed photographs into often nonconsensual nudes, have been linked to a notorious Russian hacker collective that was believed to be dead.

As 404 Media reports, Zac…

FIN7 Gang Hides Malware in AI “Deepnude” Sites
infosecurity-magazine.com · 2024

An infamous financially motivated threat group is luring victims to a network of malware-baited sites, promising downloads of deepfake tools, according to a new report from Silent Push.

The security vendor claimed that the Russia-based FIN7…

Breach Roundup: AI 'Nudify' Sites Serve Malware
bankinfosecurity.com · 2024

"Nudify" websites promising fake pornographic content based on a real-life photo may serve up malware alongside the sexual abuse.

Researchers from Silent Push in research published Wednesday observed the Russia-based, financially motivated …

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

  • Bug in Facebook’s Anti-Spam Filter Allegedly Blocked Legitimate Posts about COVID-19 (Mar 2020 · 1 report)
  • Fake LinkedIn Profiles Created Using GAN Photos (Feb 2022 · 4 reports)
  • DALL-E Mini Reportedly Reinforced or Exacerbated Societal Biases in Its Outputs as Gender and Racial Stereotypes (Jun 2022 · 4 reports)
