Microsoft Threat Intelligence: AI-brand impersonation drives Lumma Stealer and Vidar delivery via signed binaries
From CTI Daily Brief — 2026-06-09 · published 2026-06-09
Microsoft Threat Intelligence documents a campaign by Storm-3075 (initial-access broker) and Fox Tempest (malware-signing-as-a-service operator) that weaponises public enthusiasm for AI tools, impersonating ChatGPT, Claude, DeepSeek and Microsoft Copilot through SEO poisoning, malvertising and multi-stage redirection chains (Rebrandly → CAPTCHA gate → credential-harvesting landing) (Microsoft, 2026-06-08). Downloaded binaries are code-signed with certificates obtained through Fox Tempest's MSaaS operation (T1553.002), suppressing initial detection; payloads include Lumma Stealer, Vidar, Hijack Loader and Oyster, with fraudulent GitHub repositories used for payload staging. Microsoft's separate analysis details the Fox Tempest malware-signing-as-a-service operation that supplies the certificates (Microsoft, 2026-05-19).
Why it matters to us: Code-signing is no longer a trust anchor here — a valid Authenticode signature on a fresh "AI tool" installer is consistent with this chain. Detection concepts: Sysmon Event ID 1 (process creation) where a browser is the parent of a process whose command line matches infostealer-family patterns; EDR process-injection alerts for Hijack Loader. Phish-resistant MFA (FIDO2/passkeys) removes the downstream AiTM credential-replay value even when an endpoint is seeded.
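The Sysmon Event ID 1 concept above, carried through as an added example (this is not Microsoft's detection logic and not part of the brief): it parses Sysmon process-creation events in their Windows Event XML form and flags children of a browser that execute from a user-writable directory or carry one of the impersonated brand names from the brief in their filename. The browser list and the writable-directory list are assumptions to tune per fleet; the three events are constructed, not captured.

```python
"""Triage Sysmon Event ID 1 (process creation) records for browser-parented
executables that look like AI-brand lure installers.

Added example, not Microsoft's detection logic. The sample events are
constructed for illustration; BROWSERS and WRITABLE_DIRS are assumptions.
"""
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: browsers whose direct children are in scope; extend for your fleet.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
# Brands impersonated in the campaign described by the brief.
LURE_TERMS = ("chatgpt", "claude", "deepseek", "copilot")
# Assumption: user-writable locations a freshly downloaded binary runs from.
WRITABLE_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\temp\\")


def parse_sysmon_event(xml_text: str) -> dict:
    """Flatten one Sysmon Event XML record into {field: value}, plus 'EventID'."""
    root = ET.fromstring(xml_text)
    fields = {"EventID": root.findtext("e:System/e:EventID", namespaces=NS)}
    for data in root.findall("e:EventData/e:Data", NS):
        fields[data.get("Name")] = data.text or ""
    return fields


def triage_process_creation(ev: dict) -> list[str]:
    """Return the reasons an EID 1 event looks like a browser-dropped lure; [] if not."""
    if ev.get("EventID") != "1":
        return []
    parent = PureWindowsPath(ev.get("ParentImage", "")).name.lower()
    if parent not in BROWSERS:
        return []  # only browser-parented children are in scope for this rule
    reasons = [f"parent is a browser ({parent})"]
    image = ev.get("Image", "")
    if any(d in image.lower() for d in WRITABLE_DIRS):
        reasons.append("image executes from a user-writable directory")
    name = PureWindowsPath(image).name.lower()
    hits = [t for t in LURE_TERMS if t in name]
    if hits:
        reasons.append("filename carries AI-brand lure term(s): " + ", ".join(hits))
    # Browsers legitimately spawn helpers from their own install tree, so the
    # parent relationship alone is not a finding: require one more trait.
    return reasons if len(reasons) > 1 else []


def find_suspicious(xml_events: list[str]) -> dict[str, list[str]]:
    """Map ProcessId -> reasons for every event that triage flags."""
    findings = {}
    for xml_text in xml_events:
        ev = parse_sysmon_event(xml_text)
        reasons = triage_process_creation(ev)
        if reasons:
            findings[ev.get("ProcessId", "?")] = reasons
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Edge spawned an "AI tool" installer straight from Downloads: should be flagged.
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1</EventID></System><EventData>
<Data Name="UtcTime">2026-06-08 14:02:11.513</Data>
<Data Name="ProcessId">4120</Data>
<Data Name="Image">C:\Users\alice\Downloads\ChatGPT-Desktop-Setup.exe</Data>
<Data Name="CommandLine">"C:\Users\alice\Downloads\ChatGPT-Desktop-Setup.exe"</Data>
<Data Name="ParentProcessId">3388</Data>
<Data Name="ParentImage">C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe</Data>
</EventData></Event>""",
    # Chrome spawning its own helper from Program Files: browser-parented but benign.
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1</EventID></System><EventData>
<Data Name="ProcessId">5204</Data>
<Data Name="Image">C:\Program Files\Google\Chrome\Application\chrome.exe</Data>
<Data Name="CommandLine">"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler</Data>
<Data Name="ParentImage">C:\Program Files\Google\Chrome\Application\chrome.exe</Data>
</EventData></Event>""",
    # Same lure run later by double-click under explorer.exe: outside this rule's scope.
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1</EventID></System><EventData>
<Data Name="ProcessId">6012</Data>
<Data Name="Image">C:\Users\alice\Downloads\Claude-Installer.exe</Data>
<Data Name="CommandLine">"C:\Users\alice\Downloads\Claude-Installer.exe"</Data>
<Data Name="ParentImage">C:\Windows\explorer.exe</Data>
</EventData></Event>""",
]

if __name__ == "__main__":
    for pid, reasons in find_suspicious(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```

The third sample shows the limit of a browser-parent rule on its own: a user who saves the lure and launches it later runs it under explorer.exe, so a second rule keyed on execution from Downloads regardless of parent, or on the EDR injection alerts the brief mentions, is needed alongside it.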