"Nudify" websites promising fake pornographic content based on a real-life photo may serve up malware alongside the sexual abuse.
Researchers from Silent Push, in research published Wednesday, observed the Russia-based, financially motivated threat group commonly tracked as Fin7 running a network of websites that promise to digitally undress women. The sites, many under the brand name aiNude.ai, embed a Trojan or infostealer in a browser extension or other file that users are directed to download. 404 Media reported that some of the malicious sites allowed users to upload images: "The site did not nudify the image, but did display it on screen. After uploading a photo to nudify, one of the sites then said a 'trial is ready for download.'"
Fin7 is serving up Lumma Stealer, the NetSupport remote access Trojan and the RedLine credential-stealing malware.
The threat actor - also tracked as Carbon Spider, Elbrus and Sangria Tempest - has been active since 2013. Security researchers have found indications of its involvement in deploying REvil and DarkSide ransomware. Microsoft last year said the group has ties to the Clop ransomware gang.
The group runs two versions of the nudify sites: one offering a free download of a "Deepnude Generator" tool, and another offering a putative free trial. It uses search engine optimization tactics to boost the sites' rankings in search results.
Sites that create nude deepfakes have proliferated online alongside the public availability of generative AI image models. San Francisco City Attorney David Chiu in August sued 16 of the most popular "nudify" websites and apps, accusing them of violating state and federal laws against sexual abuse and harassment. The FBI in June warned that malicious actors were using nude deepfakes as blackmail material.