Mandiant Finds More Than 30 Fake AI Websites Spreading Malware
HelpNet Security, Tuesday, May 27th, 2025
Fake AI video generation websites promoted via Facebook and LinkedIn ads were found to spread various malware payloads with reconnaissance and backdoor capabilities, according to Mandiant.
The campaign has been ongoing since at least mid-2024 and is tied to more than 30 websites imitating popular legitimate AI tools like Luma AI, Kling AI and Canva Dream Lab, the cybersecurity company said in a blog post Tuesday. The threat actor behind the campaign is tracked as UNC6032 by Mandiant, which is a part of Google Cloud, and is believed to be of Vietnamese origin.
Thousands of Facebook ads, with millions of views combined, directed users to the malicious sites, along with about 10 LinkedIn ads that had an estimated 50,000 to 250,000 total impressions.