AI brands as bait: How threat actors are using the AI hype in social engineering
Threat actors are increasingly leveraging the hype around AI platforms like ChatGPT, Claude, and DeepSeek to conduct social engineering attacks. These campaigns utilize phishing, malvertising, and SEO poisoning to distribute infostealers such as Vidar or facilitate credential theft via adversary-in-the-middle (AiTM) infrastructure.
- domain: brokeapt[.]com - C2 domain for the Python downloader dropping Vidar stealer.
- domain: dash[.]awaydouble[.]org - Initial attacker-controlled redirect domain for the Claude AiTM phishing campaign.
- domain: legendarytrendsbay[.]shop - Compromised domain hosting the ChatGPT-themed phishing landing page.
- domain: login[.]authbridge365[.]amazinforest[.]org - Final AiTM phishing domain for mobile users in the Claude campaign.
- domain: login[.]managedservices365[.]womenscaucusaarso1[.]org - Final AiTM phishing domain for desktop users in the Claude campaign.
- domain: servicing[.]pureplantcravings[.]com - Claude-themed account appeal phishing page domain.
- filename: deepseek-v4-flash_x64.exe - Extracted payload from fake DeepSeek V4 archive.
- filename: ProFluxeFlowAi-win-Setup.exe - Fake AI plugin executable delivering Vidar stealer.
- sha256: 5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80 - Loader executable masquerading as DeepSeek V4 installer.
- url: hxxps://legendarytrendsbay[.]shop/ChatGPT/adress[.]php - ChatGPT phishing page collecting personal address information.
- url: hxxps://legendarytrendsbay[.]shop/ChatGPT/payment[.]php - ChatGPT phishing page collecting credit card information.
- url: hxxps://login[.]authbridge365[.]amazinforest[.]org/HJRAHkxH - AiTM phishing URL for mobile users.
- url: hxxps://login[.]managedservices365[.]womenscaucusaarso1[.]org/MCRgDLlG - AiTM phishing URL for desktop users.
What Happened
Cybercriminals are using the popularity of AI tools like ChatGPT, Claude, and DeepSeek to trick people into handing over passwords, credit card numbers, or installing malicious software. They send fake emails about account issues or create fake download pages for AI software that actually contain viruses. This matters because anyone looking for or using these AI tools could easily fall for these convincing scams, leading to financial loss or compromised accounts. Users should be highly cautious of urgent emails claiming AI account issues and only download software from official vendor websites.
Key Takeaways
- Threat actors are heavily abusing popular AI brands (ChatGPT, Claude, DeepSeek) as lures for phishing and malware distribution.
- A ChatGPT-themed campaign used multi-stage redirects to steal credit card information via fake payment update pages.
- A Claude-themed AiTM phishing campaign used fake AUP violation PDFs to harvest credentials and access tokens.
- Storm-3075 distributed Vidar Stealer via malvertising on streaming sites, using signed fake AI plugins hosted on GitHub.
- Fake DeepSeek V4 installers were distributed via SEO-poisoned GitHub repositories to deliver Vidar and GhostSocks.
Affected Systems
- Windows endpoints
- Consumer devices
- Enterprise identities (via AiTM phishing)
Attack Chain
Threat actors use AI-themed lures via email phishing, malvertising, and SEO-poisoned GitHub repositories to target victims. Phishing campaigns utilize multi-stage redirects and CAPTCHAs to evade detection, ultimately leading to credential harvesting or AiTM pages. Malvertising and fake repositories trick users into downloading signed executables or archives masquerading as AI tools. Upon execution, these loaders often require manual interaction to bypass sandboxes before dropping scripts that fetch final payloads like Vidar Stealer from attacker-controlled C2 servers.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
- Platforms: Microsoft Defender
Microsoft Defender provides built-in detections for the malware families discussed, including Trojan:Win32/Vidar, Trojan:Win32/Malgent, and Trojan:Win32/Malcert.
Detection Engineering Assessment
- EDR Visibility: High. EDR solutions can detect the execution of dropped payloads, unusual Python interpreter activity in AppData, and known infostealer behaviors.
- Network Visibility: Medium. Network telemetry can identify connections to known C2 domains and AiTM phishing infrastructure, though HTTPS encryption may obscure the payload.
- Detection Difficulty: Moderate. The use of valid code-signing certificates and manual interaction checks (CAPTCHAs/Continue buttons) helps evade automated sandboxes, but post-exploitation behavior remains detectable.
Required Log Sources
- Process Creation (Event ID 4688 / Sysmon Event ID 1)
- File Creation (Sysmon Event ID 11)
- DNS Query (Sysmon Event ID 22)
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Consider hunting for unusual executions of pythonw.exe originating from the \AppData\Local\ directory, which may indicate the Storm-3075 Python downloader. | Process Creation, File Creation | Execution | Low |
| If you have visibility into file creation events, look for executables with AI-themed names (e.g., DeepSeek, ChatGPT, Claude) being extracted from archives in user download directories. | File Creation | Delivery | Medium |
| Evaluate network logs for connections to newly registered or low-reputation domains following clicks on links in emails claiming to be from AI service providers. | DNS Query, Network Connections | Command and Control | Medium |
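
The first two hypotheses in the table, written as detection logic over Sysmon-style events. This is an added example, not code from the original report or from Microsoft. The event records and user names are constructed, and reading "from \AppData\Local\" as "directly in that folder" is an assumption based on the file-path IOC.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Assumption: "from \AppData\Local\" is read as pythonw.exe sitting directly in
# that folder, matching the page's file-path IOC; per-user Python installs live deeper.
PY_IN_APPDATA = re.compile(r"\\users\\[^\\]+\\appdata\\local\\pythonw\.exe$", re.I)
DOWNLOADS = re.compile(r"\\users\\[^\\]+\\downloads\\", re.I)
AI_LURE = re.compile(r"deepseek|chatgpt|claude", re.I)  # brand names from the page

def script_arg(cmdline):
    """Return the first non-option argument after the interpreter, unquoted."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    return next((t for t in tokens[1:] if not t.startswith("-")), None)

def hunt(event):
    """Return the hypothesis tags matched by one Sysmon-style event dict."""
    hits = []
    if event.get("EventID") == 1 and PY_IN_APPDATA.search(event.get("Image", "")):
        hits.append("pythonw_in_appdata_local")
        script = script_arg(event.get("CommandLine", ""))
        # The dropped downloader is named LICENSE.txt, so a non-.py script is a stronger signal.
        if script and not script.lower().endswith((".py", ".pyw")):
            hits.append("non_python_script_extension")
    if event.get("EventID") == 11:
        target = event.get("TargetFilename", "")
        if (DOWNLOADS.search(target) and target.lower().endswith(".exe")
                and AI_LURE.search(basename(target))):
            hits.append("ai_named_exe_in_downloads")
    return hits

# Constructed sample events (field names follow Sysmon Event ID 1 and 11).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\pythonw.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\pythonw.exe" C:\Users\alice\AppData\Local\LICENSE.txt'},
    {"EventID": 1, "Image": r"C:\Users\bob\AppData\Local\Programs\Python\Python312\pythonw.exe",
     "CommandLine": r"pythonw.exe C:\Users\bob\tools\sync.pyw"},
    {"EventID": 11, "TargetFilename":
     r"C:\Users\alice\Downloads\Programs\IA DeepSeek-V4\deepseek-v4-flash_x64.exe"},
    {"EventID": 11, "TargetFilename": r"C:\Users\bob\Downloads\report.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(hunt(ev), ev.get("Image") or ev.get("TargetFilename"))
```

The second sample event shows why the path is anchored: a regular per-user Python install under `AppData\Local\Programs\Python` does not match, which keeps the false-positive rate in line with the "Low" rating in the table.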
Control Gaps
- Automated sandbox analysis (bypassed by manual click requirements)
- Basic email filtering (bypassed by legitimate redirectors like Rebrandly)
Key Behavioral Indicators
- Execution of Python scripts from AppData\Local
- Manual 'Continue' prompts before payload execution
- Use of fraudulently obtained code-signing certificates
False Positive Assessment
- Low
Recommendations
Immediate Mitigation
- Verify against your organization's incident response runbook and team escalation paths before acting.
- Consider blocking the identified C2 and phishing domains at the network perimeter.
- Evaluate whether to revoke or block binaries signed by the identified fraudulent certificate thumbprint (4f5c5b3ef45cfff7721754487a86aeff9a2e6e32).
Infrastructure Hardening
- If supported by your identity provider, consider enforcing phishing-resistant MFA to mitigate the risk of AiTM attacks.
- Evaluate implementing conditional access policies that require compliant devices for accessing sensitive applications.
User Protection
- Consider enabling network protection features in your endpoint security agent to prevent access to malicious domains.
- If applicable, configure email security solutions to recheck links at the time of click (e.g., Safe Links).
Security Awareness
- Consider updating security awareness training to include examples of AI-themed lures and fake software installers.
- Remind users to only download software and browser extensions from official vendor websites or approved corporate portals.
MITRE ATT&CK Mapping
- T1566.001 - Phishing: Spearphishing Attachment
- T1566.002 - Phishing: Spearphishing Link
- T1583.001 - Acquire Infrastructure: Domains
- T1588.003 - Obtain Capabilities: Code Signing Certificates
- T1204.002 - User Execution: Malicious File
- T1189 - Drive-by Compromise
- T1555 - Credentials from Password Stores
- T1497.001 - Virtualization/Sandbox Evasion: System Checks
Additional IOCs
- Urls:
  - hxxps://legendarytrendsbay[.]shop/ChatGPT/adress.php - ChatGPT phishing page collecting personal address information.
  - hxxps://legendarytrendsbay[.]shop/ChatGPT/payment.php - ChatGPT phishing page collecting credit card information.
  - hxxps://login[.]authbridge365[.]amazinforest[.]org/HJRAHkxH - AiTM phishing URL for mobile users.
  - hxxps://login[.]managedservices365[.]womenscaucusaarso1[.]org/MCRgDLlG - AiTM phishing URL for desktop users.
- File Paths:
  - \AppData\Local\pythonw.exe - Python interpreter dropped by the malvertising loader.
  - \AppData\Local\LICENSE.txt - Malicious Python downloader script dropped by the malvertising loader.
  - C:\Users\<user>\Downloads\Programs\IA DeepSeek-V4\deepseek-v4-flash_x64.exe - Extraction path for the fake DeepSeek V4 payload.
- Other:
  - 4f5c5b3ef45cfff7721754487a86aeff9a2e6e32 - Fraudulent Microsoft-issued code-signing certificate thumbprint attributed to Fox Tempest.
  - Fill and Sign Claude Appeal Form.pdf - Malicious PDF attachment used in the Claude phishing campaign.
  - deepseek-v4-pro_x64.7z - Malicious archive hosted on fake DeepSeek GitHub repository.
  - deepseek-v4-flash_x64.7z - Malicious archive hosted on fake DeepSeek GitHub repository.
  - Manus_AI_Desktop_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - seedance_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - gpt-5.5-Pro_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - Kimi-Swarm-Station_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - fraudGPT_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - GrokCLI_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - gemma-4-omni_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - LTX-2.3_x64.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - TradeAI.exe - Sibling lure filename in the broader fake-AI ecosystem.
  - OpenClaw_x64.7z - Sibling lure filename in the broader fake-AI ecosystem.
  - WormGPT_x64.7z - Sibling lure filename in the broader fake-AI ecosystem.
  - DeepSeekAI_agent_x64.7z - Sibling lure filename in the broader fake-AI ecosystem.