AI-generated videos are used to spread malware

A screenshot of an AI generated scam video (CloudSEK/YouTube)

It is claimed that over 500 hours of content are uploaded to YouTube every minute, making monitoring content on the site an ever-growing challenge.

It also makes the website an attractive gateway for cybercriminals: even if you can’t catch a virus by watching a video on the website, you can be tricked into clicking on attached links, which open your PC up to all kinds of evil. From the scammer’s point of view, the trick is to make the video compelling enough to encourage the click.

For most, it’s a numbers game. Since videos are quickly deleted when reported, there’s no point in investing time in a well-presented scam, but AI offers criminals a very appealing shortcut.

Since November 2022, the cyber intelligence company CloudSEK has seen a 200-300% increase in videos with malware-laden links in the description. A large proportion of the videos feature presenters who appear human-like at first glance and were created using AI persona-building tools such as Synthesia and D-ID. These tools generally serve a legitimate purpose: creating videos using AI avatars and a text-to-speech engine to make training, recruitment, and promotional clips more engaging without the need to film a real human.

After just a few minutes of searching, the Standard was able to find numerous examples of these avatars being used in the manner CloudSEK describes: realistic human faces promising pirated software, including Photoshop, Autodesk, AutoCAD, and recent triple-A games, for free. The avatars smile, blink and even swallow occasionally, which makes them – at first glance – extremely convincing.

Quality varied, with some squandering the persuasiveness of the visuals with a clearly robotic voice, but one or two sounded much more authentic, with voice patterns realistic enough to match the lifelike facial features.

Aside from the fact that the videos promised a “free lunch,” the main giveaway was that the script was identical on most of the videos examined by the Standard. “Hello dear friends, in this video I will tell you how to download paid software absolutely free, without viruses, torrents and registrations,” most of the videos began.

“Now let’s get started,” the avatar continued, mimicking one of YouTube’s most common refrains before directing viewers to click the link in the description, stopping abruptly with a short, sharp goodbye: “That’s all what I have, thanks for watching, have a nice day.” It’s all over in less than 25 seconds, while the rest of the footage continues with the words “link in the description” for a few more minutes.

The most compelling example we found used a different script and eschewed the robotic text-to-speech engine in favor of a more realistic-sounding human voice. It actually appears to be human, as shown in the screenshot below.

A screenshot of an AI generated scam video. (Screenshot by Alan Martin, via YouTube)

But otherwise the method was the same: in the description, a MediaFire-hosted file with an attached password, as described by CloudSEK.

This and other examples we found were uploaded to legitimate accounts with hundreds of thousands of followers. These accounts were typically dormant, having not posted anything for months or even years, and it is likely that their passwords were leaked elsewhere, allowing scammers to take advantage of a large existing subscriber base.

To lend some legitimacy to what most critical thinkers would see as a thoroughly lazy effort, many videos are quickly filled with comments vouching for the download. However, like the reused script and the robotic voice, these aren’t necessarily the most convincing:

An example of the comments section of an AI generated scam video. (YouTube/CloudSEK)

For now, the threat appears to lack sophistication, with short, generic scripts failing to live up to the specific promises of each video title. But, as with similar AI-based scams on LinkedIn, it’s not hard to see how this technique could become a lot more compelling with a little more care and attention.

While there are telltale signs for spotting AI avatars and deepfakes (awkward posture, mismatched lighting, unnatural facial movements, and dubious lip syncing), things will only get more sophisticated over time as technology improves and creation software becomes more accessible. With that in mind, the best advice is as old as time: there is no such thing as a free lunch.
