Cybercriminals are using the notoriety of the DeepNude app to distribute info-stealing malware in campaigns over YouTube that promise a cracked premium version of the program for Windows, Android, and iOS.

DeepNude allowed anyone with $50 in their pocket to create naked versions of clothed women by removing their clothes based on the calculations from algorithms in a neural network.

The DeepNude app is no longer available for download from official sources, as its developer on June 27 announced the end of the project.

But copies still exist and this is what cybercriminals are betting on to lure users into installing malware on their systems, choosing YouTube as the distribution platform.

Malware strips browser and clipboard of data

Security researcher Frost discovered that the campaign was actually pushing a malware strain named Qulab that can steal information from the system and the clipboard.

Fraudsters upload short videos demoing the app and providing in the description a download link. The URL may be shortened or it may point to an online storage service, but it does pull a file down.

A brief search on YouTube indicates that the campaign started a week ago. The latest video linking to a file in the description was uploaded on Wednesday and has almost 1,000 views; it links to an Android app.

An analysis from Fumik0 shows that Qulab was built to steal information from the browser (history, credentials, cookies) and from other programs (FileZilla, Discord, Steam).

It goes without saying that installing programs from an unknown source is not the wisest thing to do. Crooks have always taken advantage of the traction a free or popular product received in order to push malicious files.

One recent example is an operation that targeted torrent site users to plant GoBot2 backdoor on their systems.

No trusted sources remain

Despite its short life DeepNude certainly had its moment of fame before it went belly up. By then, the app had already made headlines, became viral, and attracted a huge wave of criticism as well as numerous users.

The project was ended because of moral reasons. The developer announced on Twitter that despite adding a watermark to the result of the photo processing, some individuals could still misuse it and damage someone's reputation.

GitHub is the latest to remove open-source code spun off from DeepNude. In a statement to Motherboard, the company said that although user-generated content is not under scrutiny, abuse reports are investigated and removes repositories that are found to be in violation with the platform's acceptable use policy. Moreover, sexually obscene content is prohibited through the Terms of Service and Community Guidelines.