Fake Kling AI Malware Distributed via Facebook Ads

Listen to this Post

Featured Image
A hacker group is running fake Facebook ads linked to fraudulent Facebook pages and websites to trick users into downloading a malware-infected executable disguised as Kling AI—a popular text-to-image/video AI tool. China-based Kling AI, launched in July 2024, has already amassed over 22 million users and generated $14 million in revenue, making it a prime target for cybercriminals.

Read the full THN report: https://lnkd.in/evcae8eh

You Should Know: How to Detect and Prevent Fake AI Malware Attacks

1. Verify Download Sources

Always download software from official websites. Check URLs carefully:

curl -I https://www.klingai.com  Verify legitimate site HTTP headers

2. Detect Fake Executables with Linux/Mac

Use `file` and `strings` to inspect suspicious downloads:

file KlingAI_Installer.exe  Check file type
strings KlingAI_Installer.exe | grep -i "malware"  Search for malicious patterns

3. Check Digital Signatures (Windows)

Get-AuthenticodeSignature -FilePath "C:\Downloads\KlingAI_Installer.exe" 

If “NotSigned”, it’s likely malicious.

4. Scan with Antivirus Tools

clamscan -r ~/Downloads/  Linux malware scan

For Windows, use:

Start-MpScan -ScanType FullScan 

5. Analyze Network Connections

Check if the executable connects to suspicious domains:

sudo netstat -tulnp | grep "KlingAI"  Linux active connections

Windows:

Get-NetTCPConnection | Where-Object { $_.OwningProcess -eq (Get-Process "KlingAI").Id } 

6. Use Sandboxing for Safe Testing

Run suspicious files in a sandbox:

firejail --net=none ./KlingAI_Installer.exe  Linux sandbox

Windows alternatives: Windows Sandbox or VMware Workstation.

7. Monitor Facebook Ad Links

Extract URLs from Facebook ads and check for phishing:

whois fakeklingai[.]com  Check domain registration
curl -X POST https://www.virustotal.com/api/v3/urls --data "url=https://fakeklingai.com"  Submit to VirusTotal

What Undercode Say

Cybercriminals exploit trending tech like AI to distribute malware. Always:
– Verify checksums (sha256sum <file>).
– Use ad-blockers (uBlock Origin).
– Inspect browser certificates (Ctrl+Shift+I > Security).
– Report fake ads to Facebook and cybersecurity agencies.

Prediction

As AI tools grow, expect more malware impersonating AI apps. Future attacks may use deepfake videos in ads to enhance credibility.

Expected Output:

  • Malware detection logs
  • VirusTotal scan results
  • Network connection alerts
  • Sandbox behavioral analysis

References:

Reported By: Charlescrampton Thn – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram