FIN7, a feared cybercriminal group, is now using deepfake photos to trap its victims and spread malware. This new method targets both individuals and businesses, with the aim of compromising sensitive data.
The FIN7 group, known for its complex cyberattacks, launched a campaign using a fake nude photo generator called “DeepNude Generator”. This tool claims to transform images into nude versions using deepfake technology. Instead of the promised tool, however, users download malware such as the information stealers Lumma and Redline. This ruse exposes victims to the theft of personal data.
This group of hackers is not limited to individuals; it also targets businesses. It lures employees into downloading infected files, sometimes without their knowledge. These programs steal credentials and lay the groundwork for future attacks. In some cases, they install ransomware. This type of campaign, which relies on provocative bait, leads unwary users to endanger the security of their corporate network.
To maximize the effectiveness of their scam, FIN7 created seven different websites offering the “DeepNude Generator”, either by direct download or via a free trial after registration. Regardless of the user’s choice, the result remains the same: they end up unintentionally downloading malware to their device.
Skillful use of SEO
In addition to creating fraudulent websites, FIN7 uses search engine optimization (SEO) to attract users. They place links to popular porn sites on their pages to increase their visibility in search results. This pushes their fake sites to the top of searches, which increases the chances of reaching potential victims.
FIN7 implemented two distinct attack flows. The first encourages users to directly download a malicious file via a third-party domain. This file hides information-stealing software. The second flow invites users to test the generator by uploading an image. Then, a pop-up offers to download a file, which also contains a malicious payload.
Strengthening protection against these threats
To defend against this new threat, experts recommend several measures. First of all, training employees on the dangers of social engineering scams is crucial. Additionally, businesses must block unauthorized downloads of files from external sources. Finally, monitoring the tactics, techniques and procedures (TTPs) used by FIN7 can help develop effective threat indicators.
Since 2012, FIN7 has accumulated over $1.2 billion by carrying out successful cyberattacks. Despite law enforcement efforts to dismantle the group, it continues to adapt and innovate. This group therefore remains a formidable threat for businesses and users around the world.