1.2 Million Fooled by Fake Facebook Page "MidJourney" Used to Spread Malware - Don't be fooled!


AI tools like Midjourney, ChatGPT-5, and DALL-E can be game changers when creating content, but unfortunately, many of them are locked behind subscriptions or only available with limited access. According to a new report from Bitdefender, hackers have exploited the demand for these tools to create elaborate ways of infecting unsuspecting users with information-stealing malware.

Like other online scams, this one starts with Facebook, where potential victims are directed to a malicious site controlled by the hackers behind this campaign. From there, malicious ads are used to infect those interested in AI with all sorts of dangerous malware.

The campaign is primarily targeting European users for now, but could be retooled to target users searching for AI tools on Facebook in other countries. Here is how hackers are taking advantage of the popularity of AI tools to launch attacks, along with tips on how to stay safe from information-stealing malware.

This malicious campaign begins with hackers taking over existing Facebook accounts. This is a common tactic used by cybercriminals because they can use the existing reputation and followers of an account or page for their own benefit.

Once the account has been compromised, the hacker gives it an AI-themed makeover with a new cover photo, profile picture, and description to make it appear as if it is run by one of the well-known AI image and video generator companies. From there, they further impersonate the AI image or video generator service they are spoofing by posting news, AI-generated photos, and advertisements to increase the legitimacy of the page. They also add links that promise unsuspecting users free access or a free trial of that particular AI tool. The ultimate goal of all of this is to trick the user into clicking on a link to a malicious site and downloading malware to their device.

Upon investigation, Bitdefender security researchers found that the hackers took a noticeably different approach with Midjourney. While the pages impersonating other AI tools prompted visitors to download the latest version from Dropbox or Google Drive, the Midjourney impersonators created more than 10 malicious sites that spoofed the tool's actual landing page. These sites then attempted to trick visitors into downloading the latest version of the tool via a GoFile link.

What the information-stealing malware distributed in this campaign has in common is that they all use a malware-as-a-service business model. If you are unfamiliar with it, this type of malware is developed by cybercriminals and purchased by other hackers as subscriptions, which they then use in their attacks. Yes, even hackers are rushing to subscription services. Here we cover four types of information-stealing malware, including Rilide, Vidar, ICERAT, and Nova.

Bitdefender security researchers have confirmed that the new version of Rilide Stealer is being used in a number of sponsored advertising campaigns for AI tools and photo editors posing as Sora, CapCut, Gemini AI, Photo Effects Pro, CApCut Pro, and others. The malware is a malicious browser extension masquerading as a Google Translate extension. It targets Chromium-based browsers such as Chrome, Edge, Brave, and Opera to monitor the victim's browsing history, obtain login credentials, and even bypass two-factor authentication (2FA) and steal cryptocurrency.
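Because Rilide arrives as a browser extension, one practical check a defender can run is to audit the extension manifests in a Chromium profile. The script below is an added example, not code from the article or from Bitdefender; the two manifests it inspects are constructed for illustration, and the list of brand names it treats as impersonation targets is an assumption you would extend for your own environment. It flags the combination of capabilities the text attributes to this stealer (history, cookies, request interception, scripts on every site) and, separately, a well-known brand name on an extension that was not installed through the Chrome Web Store (store installs carry the Google update URL in their manifest).

```python
"""Audit Chromium extension manifests for stealer-like capabilities.

Added example for this article; the manifests below are constructed.
"""
import json
import os

# Extensions installed from the Chrome Web Store carry this update_url.
STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Permissions that, combined with broad host access, let an extension read
# history, session cookies and every request the victim makes.
SENSITIVE_PERMISSIONS = {
    "history", "cookies", "webRequest", "webRequestBlocking",
    "tabs", "scripting", "webNavigation", "declarativeNetRequest",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Brand names an attacker is likely to borrow (assumption; extend as needed).
IMPERSONATED_BRANDS = ("google translate",)

# Constructed sample: a harmless store-installed extension.
BENIGN_MANIFEST = {
    "manifest_version": 3, "name": "Tab Counter", "version": "1.0",
    "permissions": ["storage"], "update_url": STORE_UPDATE_URL,
}

# Constructed sample: a sideloaded extension posing as Google Translate.
FAKE_TRANSLATE_MANIFEST = {
    "manifest_version": 3, "name": "Google Translate", "version": "2.0.13",
    "permissions": ["cookies", "history", "tabs", "webRequest", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
    "background": {"service_worker": "bg.js"},
}


def host_patterns(manifest):
    """Collect every host pattern the extension can reach (MV2 and MV3)."""
    patterns = set(manifest.get("host_permissions", []))
    if manifest.get("manifest_version", 2) < 3:
        # MV2 lists host patterns inside "permissions".
        patterns |= {p for p in manifest.get("permissions", [])
                     if "://" in p or p == "<all_urls>"}
    for script in manifest.get("content_scripts", []):
        patterns |= set(script.get("matches", []))
    return patterns


def audit_manifest(manifest):
    """Return a dict of finding code -> human-readable message."""
    findings = {}
    name = manifest.get("name", "").lower()
    sensitive = sorted(set(manifest.get("permissions", [])) & SENSITIVE_PERMISSIONS)
    if sensitive:
        findings["sensitive_permissions"] = "sensitive permissions: " + ", ".join(sensitive)
    if host_patterns(manifest) & BROAD_HOSTS:
        findings["broad_hosts"] = "can run on and intercept every site"
    if any(brand in name for brand in IMPERSONATED_BRANDS) \
            and manifest.get("update_url") != STORE_UPDATE_URL:
        findings["brand_impersonation"] = (
            f"name '{manifest.get('name')}' matches a well-known extension "
            "but it was not installed from the Chrome Web Store")
    return findings


def is_suspicious(manifest):
    """Impersonation alone, or broad host access plus sensitive permissions."""
    f = audit_manifest(manifest)
    return "brand_impersonation" in f or (
        "sensitive_permissions" in f and "broad_hosts" in f)


def audit_profile(profile_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and report."""
    report = {}
    for root, _dirs, files in os.walk(os.path.join(profile_dir, "Extensions")):
        if "manifest.json" in files:
            with open(os.path.join(root, "manifest.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
            findings = audit_manifest(manifest)
            if findings:
                report[root] = findings
    return report


if __name__ == "__main__":
    for label, m in (("benign", BENIGN_MANIFEST), ("fake translate", FAKE_TRANSLATE_MANIFEST)):
        print(label, "->", "SUSPICIOUS" if is_suspicious(m) else "ok", audit_manifest(m))
```

Point `audit_profile` at a real profile directory (for example `~/.config/google-chrome/Default` on Linux) to list every extension that trips one of the checks; a legitimate extension can legitimately need broad permissions, so treat the output as a triage list rather than a verdict.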

Of these multiple campaigns impersonating AI tools, the one involving Midjourney was the most successful and remained active the longest. As BleepingComputer notes, the Facebook page impersonating Midjourney attracted 1.2 million followers and remained active for almost a year before it was taken down; the fake page has since been shut down by Meta.

Just as when downloading free apps from official app stores, be careful when trying out new AI tools. For example, a desktop version of Midjourney does not yet exist, but that did not stop the hackers behind the campaign from advertising it online.

We saw similar tactics used with the fake ChatGPT app back when the OpenAI chatbot was not yet available to everyone. Hackers simply lured unsuspecting users with the promise of quick access and a chance to jump the queue, then infected them with malware.

For this reason, it is best to go to the official page of an AI tool and do plenty of research before installing anything; an online search will quickly tell you if an AI image generator or other tool has a desktop version or a mobile app. Anyone claiming differently is most likely a hacker trying to trick you.

At the same time, you want to avoid clicking on ads, no matter how legitimate they may seem. It is easy for hackers to buy ad space online and serve malicious ads. If you see a promotion for a product you are interested in, go to that company's page and purchase it at the same sale price.

When it comes to protecting yourself, use the best antivirus software on your PC, the best Mac antivirus software on your Apple computer, and the best Android antivirus app on your Android phone. For an iPhone or iPad, Intego's Mac antivirus software can scan the device for malware, but only if it is connected to your Mac via USB.

Another useful tool for identifying scams is Bitdefender's own Scamio, an AI-powered scam detection tool that tells you whether an email, message, or website is actually a scam; suspicious links, screenshots, and QR codes can also be uploaded to the service for evaluation.

The methods hackers use to attack are built around human nature. However, being patient and careful online can prevent devices from being infected with malware and personal data from being stolen.
