{"id":43847,"date":"2026-02-23T15:42:50","date_gmt":"2026-02-23T07:42:50","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/23\/fin7-gang-hides-malware-in-ai-deepnude-sites-infosecurity-magazine\/"},"modified":"2026-02-23T15:42:50","modified_gmt":"2026-02-23T07:42:50","slug":"fin7-gang-hides-malware-in-ai-deepnude-sites-infosecurity-magazine","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/23\/fin7-gang-hides-malware-in-ai-deepnude-sites-infosecurity-magazine\/","title":{"rendered":"FIN7 Gang Hides Malware in AI \u201cDeepnude\u201d Sites &#8211; Infosecurity Magazine"},"content":{"rendered":"<p>An infamous financially motivated threat group is luring victims to a network of malware-baited sites, promising downloads of deepfake tools, according to a new report from Silent Push.<\/p>\n<p>The security vendor claimed that the Russia-based FIN7, which has been linked to multiple ransomware groups, is hosting the malicious sites on multiple domains under the aiNude[.]ai &ldquo;brand.&rdquo;<\/p>\n<p>They&rsquo;re designed to attract internet users looking to leverage deepfake &ldquo;deepnude&rdquo; tools to generate nude images from photos of individuals they upload.<\/p>\n<p>FIN7 created two versions of these so-called &ldquo;honeypot&rdquo; websites: one offering free downloads of a &lsquo;Deepnude Generator&rsquo; tool and the other offering a free trial.<\/p>\n<p>Clicking on the &ldquo;free download&rdquo; offer will redirect the&nbsp;victim to a new domain featuring a Dropbox link or another source hosting a malicious payload, although it&rsquo;s unclear from the report exactly what this is.<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/fbi-warns-surge-deepfake-2\/\" target=\"_blank\"><em>Read more on deepfakes: FBI Warns of Surge in Deepfake Sextortion Attempts<\/em><\/a><\/p>\n<p>If a victim clicks on &ldquo;free trial,&rdquo; they&rsquo;ll be prompted to upload an 
image.<\/p>\n<p>&ldquo;If an image is uploaded, the user is next prompted with a &lsquo;Trial is ready for download&rsquo; message saying, &lsquo;Access scientific materials for personal use only.&rsquo; A corresponding pop-up requires the user to answer the question, &lsquo;The link is for personal use only, do you agree?,&rsquo;&rdquo; Silent Push explained.<\/p>\n<p>&ldquo;If the user agrees and clicks &lsquo;Download&rsquo; they are served a zip file with a malicious payload. This other FIN7 payload is a more classic Lumma Stealer and uses a DLL side-loading technique for execution.&rdquo;<\/p>\n<p>The vendor has also observed FIN7 deploying the Redline Stealer malware and D3F@ck malware-as-a-service loader via this campaign.<\/p>\n<p>It&rsquo;s believed that the group uses SEO tactics to get its AI deepnude sites ranked at the top of search listings.<\/p>\n<p>Silent Push also <a href=\"https:\/\/www.silentpush.com\/blog\/fin7-malware-deepfake-ai-honeypot\/\" target=\"_blank\">revealed<\/a>&nbsp;a second campaign run by FIN7, designed to covertly serve up NetSupport RAT malware through lookalike sites which require visitors to install a browser extension. 
The threat actors lure victims to the sites &ndash; which spoof well-known brands such as SAP Concur,&nbsp;Microsoft and Thomson Reuters &ndash; via malvertising.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An infamous financially motivated threat group is lurin [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-43847","post","type-post","status-publish","format-standard","hentry","category--infosecurity-magazine"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/43847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=43847"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/43847\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=43847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=43847"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/tags?post=43847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}