AI-generated fake nudes now part of Russian cybercrime group’s method

  • Fin7 has targeted hundreds of U.S. companies since at least 2015
  • Their latest hacking method is AI-generated deep fake nudes
  • The methodology offers the web user a “free trial” which installs malware

(NewsNation) — A notorious Russian cybercrime group, Fin7, has advanced its approach to ransomware. Its latest secret weapon: Artificial intelligence deepfake nude applications.

Fin7 targets organizations with malware using different methods, and new research suggests it is operating an AI deep nude generator, according to Silent Push’s Oct. 2 report.

Silent Push tracks daily changes on the dark web to help companies detect and protect against threats. The company discovered Fin7 has created at least seven websites serving malware to online users who seek to use generators that create fake nude images.

“Organizations may become vulnerable as FIN7 lures unsuspecting employees to download malicious files. These files may directly compromise credentials via infostealers or be used for follow-on campaigns that deploy ransomware,” Silent Push wrote in its research.

The new methodology offers the web user a “free trial.” If the person follows the link, they are asked to upload an image to generate a fake nude image. If the user uploads an image, they are prompted to download the file. The download then results in a malicious Zip file containing password-stealing malware. Another method they use is a “free download” dialogue.

Silent Push helped take down the websites, which are currently offline, “but we believe it’s likely new sites will be launched that follow similar patterns,” the company said.

The report, published in a public blog, notes some information was omitted for “operational security.”

Fin7 has targeted hundreds of U.S. companies, primarily in the restaurant, gaming and hospitality industries, since at least 2015, according to the U.S. Attorney’s Office. They hacked into thousands of computer systems and stole millions of customer credit and debit card numbers, which were sold for profit, across all 50 states and abroad.

The primary method used was not AI deep nude generators at the time, but instead carefully crafted emails that would appear legitimate to a business’s employees. Once an attached file was opened, the malware would activate.

“Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces,” according to the U.S. Attorney’s Office.

This evidence was collected as part of an investigation into a high-level Fin7 system administrator, Fedir Hladyr, for his involvement. In 2019, he pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. In April 2021, he was officially sentenced to 10 years in a Seattle prison.

In a court statement at the time, Hladyr said he “ruined years of my life and put [his] family through great risk and struggle,” according to a news release.

Fin7 successfully breached the computer networks of 6,500 individual point-of-sale terminals at more than 3,600 separate business locations in the U.S. alone. They stole 20 million customer credit card records at the time. Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli are a few of the well-known companies to fall victim.

October 2024 marks the 21st Cybersecurity Awareness Month, in which the U.S. Cybersecurity and Infrastructure Security Agency advertises campaigns to urge consumers to protect themselves against malware.

In its #StopRansomware guide, CISA recommends conducting regular vulnerability scanning, implementing phishing-resistant MFA for all services, subscribing to credential monitoring services to monitor the dark web for compromised credentials and implementing password policies that require unique passwords of at least 15 characters.

And if something seems suspicious, it probably is, so avoid clicking unrecognized links.

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed
