Kling AI Impersonation Ads Spread RAT Malware to Over 22 Million Users

Beware of Malicious Ads Targeting Kling AI Users

Introduction to Scams on Social Media

Recent reports highlight a troubling trend in digital security, particularly targeting users of the artificial intelligence platform Kling AI. Cybercriminals have been using counterfeit Facebook pages and misleading sponsored ads to lure users to fraudulent websites. The aim is to trick victims into downloading malicious software, with potential consequences that range from data theft to unauthorized system access.

What is Kling AI?

Kling AI is a cutting-edge platform that enables users to create images and videos through simple text and image prompts. Developed by Kuaishou Technology, a company based in Beijing, Germany, Kling AI was officially launched in June 2024. Remarkably, it has quickly amassed a user base exceeding 22 million as of April 2025.

The Malicious Campaign Unveiled

This deceptive scheme was first detected in early 2025. Cybersecurity firm Check Point reported that attackers used fake Facebook ads promoting phantom Kling AI services. These ads direct unsuspecting users to counterfeit websites, such as klingaimedia[.]com and klingaistudio[.]com. On these sites, users are invited to generate AI-assisted content directly in their browsers, but instead of fulfilling this promise, the sites serve as traps.

The Facade of Image and Video Generation

While users believe they are creating multimedia content, the reality is quite different. Instead of generating legitimate files, the web pages offer a disguised Windows executable concealed with double file extensions and Hangul Filler characters. This executable is bundled in ZIP archives, setting the stage for a silent infiltration into users’ systems.
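The disguise described above can be checked for before an archive is opened by a user. The following is an added example, not code from Check Point or from the original article: it scans ZIP entry names for Hangul filler padding and for a media extension followed by an executable one. The extension lists, function names and the sample archive are assumptions constructed for illustration, and the filler set goes slightly beyond U+3164 to cover related filler code points.

```python
import io
import zipfile
from pathlib import PurePosixPath

# U+3164 is HANGUL FILLER; the other three are related filler code points.
HANGUL_FILLERS = {"\u3164", "\u115f", "\u1160", "\uffa0"}
# Assumed extension lists for this example; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}
DECOY_EXTS = {".mp4", ".mov", ".jpg", ".jpeg", ".png", ".gif", ".pdf"}


def classify_name(name):
    """Return the reasons an archive entry name looks disguised."""
    reasons = []
    if any(ch in HANGUL_FILLERS for ch in name):
        reasons.append("hangul-filler")
    # Drop fillers and whitespace so padding cannot hide the real suffixes.
    cleaned = "".join(
        ch for ch in name if ch not in HANGUL_FILLERS and not ch.isspace())
    suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
    if len(suffixes) > 1 and suffixes[-1] in EXECUTABLE_EXTS:
        if any(s in DECOY_EXTS for s in suffixes[:-1]):
            reasons.append("double-extension")
    return reasons


def scan_zip(data):
    """Map each suspicious entry name in a ZIP (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample archive; every entry holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"benign")
        zf.writestr("clip.mp4", b"benign")
        zf.writestr("Generated_Video.mp4" + "\u3164" * 20 + ".exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample_zip()).items():
        print(repr(name), reasons)
```

Stripping the fillers before parsing matters: with the padding left in, the media suffix no longer matches the decoy list and the double extension goes unnoticed.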

How the Malware Operates

Once downloaded, the malicious software acts as a loader that launches a remote access trojan (RAT). This allows attackers to gain full control over the compromised devices, accessing sensitive data stored by users, such as browser credentials and session tokens. To evade detection, the malware monitors for security tools and alters Windows Registry settings to ensure persistence.

Advanced Techniques for Data Theft

The secondary payload carried by the loader is a sophisticated malware variant known as PureHVNC RAT. This component communicates with a remote server (185.149.232[.]197) and is particularly adept at pilfering information from cryptocurrency wallet extensions installed on Chromium-based web browsers. PureHVNC employs a plugin approach, capturing screenshots whenever sensitive banking or wallet activities occur.

Origins and Impact of the Campaign

Check Point has identified over 70 promotional posts originating from fake social media pages impersonating Kling AI. Although the source of these ads remains uncertain, evidence suggests ties to Vietnamese cybercriminals. This particular method of distributing malware via social media ads has proven effective, and this exploitation of users’ interest in generative AI tools is a worrisome trend.

Broader Implications and Trends

The reliance on malvertising techniques by Vietnamese threat actors to push stealer malware is part of a more extensive pattern. Recent reports, including one from Morphisec, indicate that these groups frequently use fake AI tools as bait to lure users. The ability to merge social engineering tactics with advanced malware represents an evolving threat landscape.

The Rise of Scams on Social Media

This malware operation coincides with broader findings from financial news outlets like The Wall Street Journal, which noted that Meta (the parent company of Facebook and Instagram) is combatting an increasing wave of scams. Fake romance ads, dubious bargains, and misleading giveaways have become prevalent, with many originating from countries such as China, Vietnam, and Sri Lanka.

Moreover, other reports reveal that social media platforms, including Telegram and Facebook, are being used to post fake job ads that ultimately lure individuals into scams, particularly targeting young Indonesians who may end up trafficked into criminal enterprises across Southeast Asia.

Conclusion

The sophisticated nature of this latest campaign demonstrates the potential dangers lurking in online spaces. As users increasingly rely on AI tools and social media, awareness and vigilance are essential to safeguard against these malicious tactics. Continuing education on cybersecurity and proactive measures can help protect sensitive personal information from falling into the wrong hands.
