Threat actors are hijacking Google search results for popular AI platforms like ChatGPT and Luma AI to deliver malware, in a sprawling black hat SEO campaign uncovered by Zscaler’s ThreatLabz.
The attack campaign is equal parts clever and insidious: attackers spin up AI-themed websites optimized for search engine ranking, then redirect unsuspecting visitors into a web of fingerprinting scripts, cloaked download pages, and payloads containing some of today’s most active infostealers—Vidar, Lumma, and Legion Loader.
The strategy? Ride the hype wave of AI search traffic to quietly drop malware onto the systems of curious users.
The campaign kicks in when a user searches for terms like “Luma AI blog” or “Download ChatGPT 5” and lands on a well-ranked but fake AI website. These malicious sites are built using WordPress and are SEO-optimized to game search algorithms—classic black hat SEO in action.
Once loaded, the page deploys JavaScript that fingerprints the browser, collects details like user agent, resolution, cookies, and click behavior, and then sends this data (encrypted via XOR) to a remote server at gettrunkhomuto[.]info.
From there, the server analyzes the visitor’s data and determines which final destination they should be sent to. It might be a ZIP archive packed with malware or a less-threatening PUA or adware site for fallback monetization.
According to Zscaler, this redirection hub—gettrunkhomuto[.]info—has already handled over 4.4 million hits since January 2025.
What makes this campaign particularly evasive is its use of legitimate infrastructure. The redirect logic is hosted on AWS CloudFront, lending credibility to what otherwise might raise red flags in security scanners. Add in advanced techniques like browser fingerprinting, anti-adblocker scripts, and conditional redirect logic based on IP geolocation, and you’ve got a sophisticated traffic laundering operation.
These deceptive scripts will even back off if ad blockers like uBlock or DNS filtering tools are detected. If not? Users get redirected to password-protected malware loaders disguised as software installers.
Once the user is redirected and interacts with the final download page, they’re handed malware tucked inside oversized (800MB+) installer packages. The bloated size is intentional—it helps evade sandbox environments and AV engines that skip file analysis past certain size thresholds.
Vidar and Lumma Stealer, both well-known infostealers, arrive in NSIS installers containing a mix of fake .docm files, AutoIT scripts, and obfuscated loaders. Once executed, these loaders scan for antivirus processes like Avast, ESET, Sophos, or Webroot—and kill them using simple Windows tools (tasklist and findstr) before installing the final payload.
The attack chain ends with browser credential theft, clipboard hijacking, and cryptocurrency wallet scraping—standard fare for Lumma and Vidar, but now with a far more sophisticated delivery mechanism.
Then there’s Legion Loader, which arrives in a multi-ZIP format (yes, really). The final MSI installer masquerades as a utility suite with names like “Frankwo Utilities” or “Kraew Loop Sols.” In the background, the malware executes DLLs via sideloading, hollowing out legitimate processes like explorer.exe, and dropping malicious browser extensions capable of siphoning off crypto.
It even includes a component named DataUploader.dll that phones home to the C2 server with system info and requests passwords for encrypted RAR payloads—again, designed to evade detection by avoiding hardcoded indicators.
This campaign’s novelty isn’t the malware—Vidar, Lumma, and Legion Loader have been around for years. What’s new is the delivery: threat actors are leaning hard into AI’s meteoric rise in popularity, weaponizing curiosity about generative models into a malware vector.
AI-related keywords now drive search traffic at a scale attackers can’t ignore, according to Deepen Desai, CISO at Zscaler. If they can get fake sites ranked for popular queries, that’s a guaranteed funnel to distribute malware at scale.
And they’re right. This is black hat SEO at its most strategic, using legitimate infrastructure like CloudFront and obfuscated payloads wrapped in trusted formats. With the rapid adoption of AI tools—and the general lack of scrutiny around unofficial downloads—this vector is likely to explode in the coming months.
If you’re casually Googling “download ChatGPT desktop” or “Luma AI tools,” be wary of where those links lead. As always, avoid downloading tools from third-party sites, check URLs carefully, and watch for shady ZIP archives with passwords.
And for defenders: start flagging unusual traffic to gettrunkhomuto[.]info, monitor DNS queries related to AI-themed domain clusters, and consider integrating browser fingerprinting heuristics into sandbox evaluation.
In the age of AI, malware doesn’t need to be smarter. It just needs to rank higher than you expected.
Read the excerpt from the data privacy week 2026 interview below to understand why real-time audits, stronger privacy controls is…
Ivanti released emergency patches for two critical zero-day vulnerabilities in Endpoint Manager Mobile that are being exploited in-the-wild.
The CNIL’s decision focuses heavily on failure to ensure the security of personal data processed, a requirement under Article 32…
CRIL uncovers ShadowHS, a fileless Linux framework using weaponized hackshell for stealthy post-exploitation and operator-driven control.
Cybersecurity experts arrested during a sanctioned security test at the Dallas County Courthouse reached a $600,000 settlement after years of…
A security researcher investigating an AI toy for a neighbor found an exposed admin panel that could have leaked the…
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More