According to a report by Silent Push, the Russian hacker group FIN7 has begun using programs that mimic AI-driven Deepnude generators — tools designed to create naked images of women after uploading their photos. These websites, however, are actually spreading malware, infecting users’ devices.

How the Scheme Works

The hackers have created at least seven websites offering potential victims the chance to download an app for “undressing” images. Once the malicious file is downloaded, users’ devices are attacked, which can lead to:

Theft of login credentials
Installation of ransomware

In some cases, a free trial version is offered, where users upload a photo and receive malware in return.

Hackers’ Actions and Consequences

Although analysts managed to shut down the discovered websites, experts warn that the FIN7 group, which has been active since 2013, will likely launch new sites. The U.S. Department of Justice previously arrested three members of the group, including the alleged leader, Fyodor Gladyr.

FIN7’s activities go beyond phishing sites related to Deepnude. The group has created over 4,000 domains, as well as fake security companies like Combi Security and Bastion Secure, with the goal of hiring technical specialists for their operations.

Among the organizations targeted by FIN7 are companies like Chipotle, Chili’s, and Arby’s, indicating the broad scope of their operations, which include fraud in the hospitality and food industries.

Use of AI in Attacks

While using adult content as bait to spread viruses is not a new phenomenon, the incorporation of AI into these schemes adds a new layer of sophistication. In the early 2000s, cybercriminals used adult websites to spread Trojan horses and spyware.

It’s worth noting that in August 2024, U.S. authorities filed a lawsuit against websites that used AI to generate naked images of women.