Multiple sites which promise to use AI to ‘nudify’ any photos uploaded are actually designed to infect users with powerful credential stealing malware, according to new findings from a cybersecurity company which has analyzed the sites. The researchers also believe the sites are run by Fin7, a notorious Russian cybercrime group that has previously even set up fake penetration testing services to trick people into hacking real victims on their behalf.
The news indicates that services for producing AI-generated nonconsensual intimate content are becoming enticing enough that hackers feel it is worth the time and effort to build fake versions they can then use to hack people. The news also shows that Fin7 is alive despite the U.S. Department of Justice saying last year that “Fin7 as an entity is no more.”
Hostinger, the domain registrar for most of the fake nudify sites, blocked the domains after 404 Media sent it a list of questions earlier this week. 404 Media also found that one of the Fin7-run sites was included one of the web’s biggest porn site aggregators, potentially putting many people who stumbled across the site at risk.