Malware posing as a fake AI video editor, “EditProAI,” is circulating on social media platforms. The malware, which targets both Windows and macOS devices, steals sensitive information like login credentials, credit card details, and cryptocurrency wallets.
Cybersecurity researcher g0njxa discovered the campaign, BleepingComputer reports. The campaign uses fake AI image and video editing software called EditProAI, which appears legitimate and even includes a customer service chatbot and privacy policy. However, clicking on the download link installs malware named Lumma Stealer or AMOS.
EditProAI’s reach has been amplified by its social media and search engine marketing campaign. Many of the advertisements featured deepfake videos of political figures aimed at both parties. This includes videos of President Biden and Trump enjoying ice cream together. The hackers’ seemingly harmless and engaging content has proven effective in gaining the attention and trust of unsuspecting users. These ads often lead to well-designed websites that mimic legitimate services (editproai[dot]pro). The website tends to look credible and even pops up a cookie prompt, making it hard for users to tell the difference.
The malware targets Chromium-based browsers like Google Chrome and Microsoft Edge, as well as Mozilla Firefox. It can steal everything from saved passwords to browsing history and cryptocurrency wallets. This sensitive information is then archived and sent back to the attacker, who may sell it on cybercrime marketplaces or use it in further attacks. A stolen code signing certificate from Softwareok.com is also being used to help the malware bypass security measures on Windows systems.
The widespread promotion of EditProAI on platforms like X reveals a worrying laxity in social media regulation. Threat actors are turning to AI to streamline the spread of misleading content, and social media serves as an effective platform for this. These platforms allow advertisements with harmful links to circulate without proper oversight. While users should exercise caution online, there is a need for social media companies to take a more active role in preventing the spread of such content.
Affected users with devices containing banking, crypto, and other sensitive information must take immediate action. They are advised to reset their passwords and enable two-factor authentication if possible.
The case of EditProAI illustrates the pressing need for better regulation and oversight of content on social media platforms. These companies must take responsibility for identifying and eliminating harmful ads before they reach users.
In the meantime, users are encouraged to stay vigilant and only download software from verified sources.