Don’t Click Sora Ads for Software Downloads – They’re Dangerous

Don’t Click Sora Ads for Software Downloads – They’re Dangerous

Published: March 27, 2024

Exercise caution with ads hawking fake OpenAI Sora software downloads they're a minefield.  

Cybercriminals ingeniously crafted a counterfeit OpenAI website designed to lure users into engaging with the much-anticipated text-to-video tool. 

This fake site is a convincing replica of the genuine OpenAI platform, according to experts from agency directory DesignRush. 

Fake Sora Website homepage
Homepage of the Fake Sora Website | Source: Google

Sora, OpenAI's new AI tool that converts textual prompts into realistic videos, has excited many who are eager to try it. 

However, its availability is currently limited only to a select group of individuals for testing purposes. 

The promotion of this deceptive webpage began through Facebook ads on March 13, originating from a domain named opensora[dot]cloud, established just a day prior.

Within five days, cybercriminals transferred their operations to another domain, opensora[dot]info, which remains active to this day.

During these two weeks, approximately 250 ads were run by the attackers, as reported on Meta's Ad Library.

Meta's Ad Library
Meta's Ad Library Showing Fake OpenAI Sora Ads Leading to Malware | Source: Meta

These fraudulent domains were hosted using Hostinger, a low-cost web hosting service known for offering WHOIS privacy protection to its premium users. 

The WHOIS privacy protection service hides the contact details of domain registrants, replacing them with a proxy service's information, thus obscuring the domain owner's identity. 

Upon downloading the file on the site, users receive a setup archive named “setup-x86_64.”

Antiviruses Don't Recognize Fake Sora Software
Popular Antivirus Detectors Aren't Recognizing the Fake Sora Software as Malware Yet | Source: Virus Total

Currently, this file hasn’t been flagged as malicious by any cybersecurity firm, according to Virus Total's records. 

Users on the OpenAI Developer Forum began reporting sightings of these deceptive SORA ads on March 4.

Editing by Katherine 'Makkie' Maclang

Subscribe to Spotlight Newsletter
Subscribe to our newsletter to get the latest industry news