This fake Midjourney Facebook page tried to push malware on over a million people

The Midjourney AI website landing page, which features a rolling animated stream of numbers and words.
(Image credit: Midjourney)

Cybercriminals are operating Facebook pages with millions of subscribers, through which they’re promoting various Generative AI tools.

However a report from Bitdefender claims these tools are actually fakes, and are pushing infostealers and other malware that generate huge databases of sensitive data, which are later sold on the dark web for profit.

The company's researchers uncovered a Facebook page with more than a million subscribers, pushing the Rilide infostealer to the page's visitors. According to Bitdefender, hackers first found a vulnerable page and took it over, then renamed it to Midjourney (a generative AI tool for image creation) and aggressively promoted it on the platform through paid advertising. They amassed roughly 1.2 million subscribers by the time they were discovered, and their page was shut down.

Targeting Europeans

In parallel with the Facebook page, the fraudsters also created a website that imitates Midjourney, and which offered the tool for download. It’s important to note that generative AI tools, such as Midjourney, DALL-E, or ChatGPT, don’t have a standalone, downloadable version. They are all simply available online, so any downloadable app that claims to be a genAI tool is most likely malware.

Still, the website, and the downloadable content, was promoted on the Facebook page. Users who fell for the trick and download the program, end up getting the Rilide v4 infostealer, which impersonates a Google Translate extension for the web browser.

The majority of the victims were men, aged 25-55, located in Europe. The bulk of the victims reside in either Germany, Poland, Italy, France, Belgium, Spain, the Netherlands, Romania, or Sweden.

While in this example the attackers impersonated Midjourney, it’s hardly the only generative AI tool whose image is being abused to distribute malware. ChatGPT, SORA, DALL-E, and others, are all equally being used. 

Facebook pulled the malicious page down, but others are still out there with new ones popping up every day, the researchers warned. Users are advised to read up on the tools thoroughly, as that will help them avoid such scams.

More from TechRadar Pro

  1. The evolution of cybersecurity in the age of generative AI
  2. Here's a list of the best firewalls around today
  3. These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TOPICS