The Russian hacker group FIN7 created multiple fake AI 'nudify' websites that promised to generate nude images from clothed photos but instead delivered malware including infostealers, credential stealers, and remote access trojans to victims who downloaded the supposed AI tools.
The Russian cybercriminal group FIN7 (also known as Sangria Tempest) operated a network of at least seven fake AI deepfake websites under variations of the 'aiNude.ai' brand that claimed to offer AI-powered tools to generate nude images from clothed photographs. The sites used two main attack vectors: a simple 'free download' option that redirected users to malicious Dropbox links, and a more sophisticated 'free trial' process that prompted users to upload images before downloading malware-laden files. The malicious payloads included Lumma Stealer, Redline Stealer, D3F@ck Loader, and NetSupport RAT, malware designed to steal credentials, cookies, passwords, and other sensitive information. Silent Push cybersecurity researchers discovered the campaign and found that FIN7 used SEO tactics to rank its honeypot sites highly in search results, targeting users seeking deepfake software. The group also ran parallel malvertising campaigns spoofing legitimate brands like Microsoft and SAP Concur. All identified malicious sites were taken down after researchers reported them, but new sites following similar patterns are expected to emerge.
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
Using AI systems to gain a personal advantage over others, such as through cheating, fraud, scams, blackmail or targeted manipulation of beliefs or behavior. Examples include AI-facilitated plagiarism for research or education, impersonating a trusted or fake individual for illegitimate financial benefit, or creating humiliating or sexual imagery.
Human: Due to a decision or action made by humans
Intentional: Due to an expected outcome from pursuing a goal
Post-deployment: Occurring after the AI model has been trained and deployed
No population impact data reported.