Counterfeit Facebook pages and sponsored ads are directing users to fake websites mimicking Kling AI, an AI-powered platform developed by Kuaishou Technology. Kling AI launched in June 2024 and had over 22 million users by April 2025; the illegitimate websites trick users into downloading malware under the guise of generating multimedia content. The malware, disguised within a ZIP archive, installs a remote access trojan (RAT) to steal sensitive data. The campaign exemplifies how cybercriminals exploit trust in popular platforms to execute sophisticated attacks.
The attack exploited counterfeit Facebook pages and ads to distribute malicious files leading to remote access trojan (RAT) infections, compromising users' sensitive data.
Attackers utilized fake websites like klingaimedia.com to deceive users into downloading malware disguised as AI tools, escalating cybersecurity threats linked to popular platforms.
The malicious executable is hidden with double extensions, misleading users into thinking they are accessing legitimate tools, while the payload captures sensitive information from devices.
The second-stage payload employs obfuscation techniques to avoid detection and maintain remote access, highlighting evolving tactics in cybercrime targeting popular AI services.
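A defender-side check for the double-extension disguise described above, as an added example that is not from the original report: it lists a ZIP archive's members without extracting them and flags names whose final extension is executable while an earlier one imitates a media or document file. The extension lists, function names and sample file names are constructed assumptions.

```python
import io
import zipfile

# Final extensions that Windows runs directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk", "msi"}
# Extensions a user would expect from a media generator (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "mp4", "mov", "webm", "mp3", "wav", "pdf"}


def find_double_extension_entries(zip_source):
    """Return archive member names that end in an executable extension
    but carry an earlier media/document extension as a disguise."""
    flagged = []
    with zipfile.ZipFile(zip_source) as archive:
        for info in archive.infolist():  # reads the listing only, extracts nothing
            if info.is_dir():
                continue
            basename = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            parts = [p.strip() for p in basename.lower().split(".")]
            # Need at least: stem, decoy extension, real extension.
            if len(parts) < 3 or parts[-1] not in EXECUTABLE_EXTS:
                continue
            if any(p in DECOY_EXTS for p in parts[1:-1]):
                flagged.append(info.filename)
    return flagged


def build_sample_zip():
    """Constructed sample archive holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("output/clip_preview.mp4", b"placeholder")
        archive.writestr("output/Generated_Image.jpg.exe", b"placeholder")
        archive.writestr("tools/setup.exe", b"placeholder")
        archive.writestr("notes.v2.txt", b"placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in find_double_extension_entries(build_sample_zip()):
        print("suspicious double extension:", name)
```

The same function accepts a file path, so it can run against downloaded archives in a mail or web gateway quarantine before anything is unpacked.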