Google: Vietnam-linked hackers using fake AI video tools to spread malware

Cybercriminals believed to be operating from Vietnam are exploiting public interest in AI to distribute malware via counterfeit video generator tools, Google has warned.

 

A new report from Google’s Mandiant threat intelligence team reveals that attackers have created a network of deceptive websites posing as legitimate AI-powered platforms such as Luma AI, Canva Dream Lab and Kling AI. These fake services claim to generate videos from text prompts but instead deliver malicious software.

 

The campaign, attributed to a threat group dubbed UNC6032, has been active since mid-2024. It relies heavily on malicious social media ads to drive traffic to the fraudulent websites. Mandiant analysts say they’ve tracked thousands of ads, mostly on Facebook and LinkedIn, reaching millions of users worldwide.

 

Visitors lured in by the slick user interfaces are prompted to download what they believe is a genuine AI tool. In reality, they receive malware — notably a strain known as STARKVEIL, which is capable of harvesting login details, cookies, credit card data and even Facebook account information. Some variants can also collect information on antivirus software, webcam status and device location.

 

The hackers used a combination of newly created Facebook pages and compromised accounts to run the ads. According to Meta’s publicly accessible Ad Library, nearly 2.3 million Facebook users in the EU may have viewed the ads. A further 50,000–250,000 impressions were logged on LinkedIn.

 

To evade detection, the attackers frequently switched website domains and refined their ad strategies. While Meta took down many of the offending ads, Mandiant’s researchers say the scale and sophistication of the operation point to a growing threat.

 

“These fraudulent AI tools are no longer niche — they’re baiting a global audience,” Mandiant warned. “Curiosity about the latest AI innovations can easily lead to compromise.”

 

The findings were released ahead of Google’s Scams Summit in Dublin and coincide with broader warnings on online fraud, including fake customer support, bogus travel offers, and SMS-based toll scams.