Kling AI Impersonation on Social Media
Kling AI, a popular AI video tool, becomes a target for cybercriminals in 2025. Fake Facebook ads and pages mimic the platform, tricking users into downloading malware. For example, these ads lead to fraudulent sites like klingaimedia[.]com. With over 22 million users, Kling AI’s fame makes it an attractive lure.
How the Attack Works
The scam starts with counterfeit Facebook pages and sponsored ads. These direct users to fake websites posing as Kling AI. Instead of generating videos, the sites prompt users to download a malicious file. This file hides a remote access trojan (RAT) designed to steal data.
Malicious Payload Details
The downloaded ZIP file contains a disguised Windows executable. It uses tricks like double extensions to hide its true nature. Once activated, the loader evades detection by injecting into legitimate processes. For instance, it targets system tools like “InstallUtil.exe” to remain hidden.
Data Theft and Remote Access
The RAT, called PureHVNC, connects to a remote server. It steals browser credentials, session tokens, and cryptocurrency wallet data. Additionally, it captures screenshots when users access banking sites. The malware also monitors for analysis tools to avoid detection.
Origins of the Campaign
Researchers link this campaign to Vietnamese threat actors. Clues include Vietnamese-language code and past similar attacks. For example, earlier campaigns also used fake AI tools to spread malware. This pattern shows a growing trend of social media-based cyber threats.
Rising Social Media Scams
Cybercriminals increasingly exploit platforms like Facebook for scams. A report notes fake job ads also target users in Southeast Asia. These scams trick people into downloading malware or joining fraudulent schemes. Therefore, social media users must stay cautious.
Preventing Kling AI Scams
To avoid Kling AI scams, verify websites before downloading files. For example, check for official domains and secure connections. Use antivirus software to detect malicious executables and avoid clicking on suspicious ads. Additionally, enable two-factor authentication to secure accounts. These steps help protect against RAT malware and data theft.
Sleep well, we got you covered.
