Fake AI image and video generators have become a growing cybersecurity threat, with cybercriminals using them to spread information-stealing malware. Recently, researchers have discovered that fake websites impersonating the popular AI editing tool EditProAI are distributing Lumma Stealer on Windows and AMOS on macOS. These websites, which appear legitimate and even include cookie consent banners, promote deepfake videos—such as political figures sharing ice cream—to lure users into downloading malicious files.
Once the fake websites are visited, unsuspecting users are prompted to download files disguised as the EditProAI application. For Windows users, the malware is disguised as “Edit-ProAI-Setup-newest_release.exe,” while macOS users receive a file named “EditProAi_v.4.36.dmg.” The Windows variant of the malware is signed with what appears to be a stolen code signing certificate from a legitimate freeware developer, making it appear even more trustworthy. Once executed, the malware begins stealing sensitive information, including cryptocurrency wallets, login credentials, cookies, and browsing history from popular web browsers like Google Chrome and Mozilla Firefox.
The stolen data is sent to cybercriminal-controlled servers where it can be sold on dark web marketplaces or used in further attacks. The Lumma Stealer and AMOS malware variants are capable of compromising user data on a massive scale, highlighting the increasing sophistication of information-stealing malware campaigns. These types of malware have become more widespread, often leveraging deceptive tactics such as fake updates or answers on platforms like StackOverflow to infect users.
For anyone who may have downloaded these fake applications, it is crucial to take immediate action. Users should reset their passwords across all affected accounts, especially those related to cryptocurrency or financial services, and enable multi-factor authentication (MFA) for additional protection. As information-stealing malware continues to grow in prevalence, users must remain vigilant, ensuring they only download software from trusted sources to avoid falling victim to such cyberattacks.
