How An AI Band Fooled Spotify’s Charts - 1

Image by Freepik

How An AI Band Fooled Spotify’s Charts

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

More than half a million Spotify users are unknowingly listening to music made entirely by artificial intelligence.

In a rush? Here are the quick facts:

  • The band released two albums in under a month.
  • Band members and Instagram photos are clearly AI-generated.
  • Spotify doesn’t require AI-generated music to be labeled as such.

The Velvet Sundown released two albums this month, called Floating On Echoes and Dust and Silence, which quickly gained popularity. But there’s one catch: the band members don’t exist. The music was created by AI.

ArsTechnica , who first reported the story, reports that some listeners suspected something was off. The band members were exposed as non-existent through discussions on Reddit and X. The group members appeared only in the album bios and social media, but numerous inconsistencies revealed the truth about the band. Their Instagram account, launched on June 27, displays strange AI-produced images.

AI-generated bands aren’t new. John Oliver recently highlighted The Devil Inside as an AI musical group, which has released 10 albums. The lyrics of both bands contain repeated references to “dust” and “wind,” which sparks doubts about the training methods of machine models, as noted by ArsTechnica.

Meanwhile, the controversy around AI in the creative world continues to grow. Over 13,500 artists , including Julianne Moore, Thom Yorke, and Kazuo Ishiguro, have signed a petition organized by composer Ed Newton-Rex, calling for a stop to AI companies scraping their work for training.

The petition warns that “the unlicensed use of creative works for training generative AI is a major, unjust threat to the livelihoods of the people behind those works.” As AI music becomes harder to detect, experts are calling for better labeling.

Fake Zoom Updates Used In Crypto Hack Campaign - 2

Image by Compare Fiber, from Unsplash

Fake Zoom Updates Used In Crypto Hack Campaign

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A North Korean hacking group is behind a new way of cyberattacks on Web3 and cryptocurrency companies, using a rare type of macOS malware.

In a rush? Here are the quick facts:

  • North Korean hackers target crypto firms with advanced macOS malware.
  • Malware uses Nim language and fake Zoom updates.
  • Victims contacted via Telegram with social engineering.

Researchers at Sentinel Labs have identified this malware family as NimDoor because it utilizes the obscure programming language Nim.

The attack starts with a social engineering trick. The attackers reach their targets through Telegram by impersonating colleagues. They then ask the victims to execute a “Zoom SDK update script” after sending them a fake Zoom meeting link. The malicious script, which contains 10,000 blank lines and a single typo (“Zook” instead of “Zoom”), then downloads 2 executable files.

Once triggered, the malware downloads and installs several harmful programs, including one that can steal login credentials, browser data, and Telegram chat history. Another script secretly copies users’ system files, Keychain data, and even terminal history, sending it all back to a remote server.

Unlike most macOS malware, NimDoor uses advanced methods like process injection alongside encrypted WebSocket Secure (wss) communication. The malware becomes increasingly difficult to detect because of its advanced features, which enable secure communication with command servers.

A standout feature is its persistence mechanism: even if a user or system tries to stop the malware, it re-installs itself using macOS’s own signal handling tools (SIGINT/SIGTERM).

“Threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts,” wrote Sentinel Labs researchers Phil Stokes and Raffaele Sabato. They warn that attackers’ use of Nim and AppleScript, along with fake update lures, shows a new level of sophistication.

Security experts recommend that Web3 and crypto platforms need to enhance their security measures while teaching staff about social engineering techniques, given that this malware campaign demonstrates how attackers can use trust exploitation to penetrate secure systems.