You wouldn’t expect to run into password-stealing malware while browsing Facebook, but hackers now use fake ads to target vulnerable Windows PCs on the popular social network.

As reported by BleepingComputer, security researchers at Trustwave have discovered several new campaigns that use fake Windows themes along with fake downloads for pirated games and software as a lure to trick unsuspecting Facebook users into clicking on their malicious ads. This is done by creating new Facebook business accounts or hijacking existing ones.

Stealing Passwords and Facebook Account Information
According to Trustwave’s report, the hackers behind this latest round of attacks have taken out thousands of ads for each campaign. For instance, the top campaign, called “blue-softs”, had 8,100 ads, while “xtaskbar-themes” had 4,300 ads.

Clicking on one of these fake ads takes potential victims to malicious sites hosted on Google Sites or True Hosting, which appear to be download pages for the themes or software advertised on Facebook. These sites have a download button that, when clicked, downloads a ZIP file with a name that matches the product advertised online.

As you’d expect, these ZIP files actually contain the SYS01 info-stealing malware, which was first discovered by the cybersecurity firm Morphisec back in 2022. The malware itself uses a collection of executables, dynamic-link library (DLL) files, PowerShell scripts, and PHP scripts to install itself and steal data from a targeted Windows PC.
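The lure described above is a ZIP named after a theme or application that actually holds executables, DLLs, PowerShell and PHP scripts. The following triage check is an added example, not code from Trustwave, Morphisec or BleepingComputer: it opens a downloaded archive and flags members whose type does not belong in a Windows theme pack. The allow-list, the extra script extensions and the sample archives are assumptions constructed for the demonstration.

```python
import io
import zipfile

# Member types a genuine Windows theme archive may contain (assumption for this example).
THEME_ALLOWED = {".theme", ".deskthemepack", ".themepack",
                 ".jpg", ".jpeg", ".png", ".bmp", ".txt"}
# Types the SYS01 bundle is reported to use (.exe, .dll, .ps1, .php);
# .bat/.cmd/.vbs are added here as an assumption.
PAYLOAD_TYPES = {".exe", ".dll", ".ps1", ".php", ".bat", ".cmd", ".vbs"}


def extension(name: str) -> str:
    """Lower-cased extension of an archive member path, '' if it has none."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""


def triage_zip(data: bytes, allowed=THEME_ALLOWED):
    """Return (verdict, findings) for the raw bytes of a downloaded ZIP.

    verdict is 'suspicious' if any payload-type member is present,
    'review' if only unexpected-but-harmless-looking types appear, else 'clean'.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = extension(info.filename)
            if ext in PAYLOAD_TYPES:
                findings.append(f"payload-type member: {info.filename}")
            elif ext not in allowed:
                findings.append(f"unexpected member type: {info.filename}")
    if any(f.startswith("payload") for f in findings):
        return "suspicious", findings
    return ("review" if findings else "clean"), findings


def build_sample(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; constructed sample data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed look-alike of the advertised "xtaskbar-themes" download.
    lure = build_sample({"xtaskbar-themes/setup.exe": b"MZ", "xtaskbar-themes/helper.dll": b"MZ",
                         "xtaskbar-themes/run.ps1": b"# dropper", "xtaskbar-themes/readme.txt": b"theme"})
    benign = build_sample({"dark.theme": b"[Theme]", "wallpaper.jpg": b"\xff\xd8"})
    for label, blob in (("lure", lure), ("benign", benign)):
        print(label, *triage_zip(blob))
```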

SYS01 can steal cookies from your browser along with any passwords stored there and a victim’s browsing history. However, it also includes a task that leverages Facebook cookies on an infected device to extract data from a victim’s profile, including their name, email, birthday, and more on the social network.

New Tactics: Hijacking Popular AI Tool Pages
Cybercriminals are taking over Facebook pages and using them to advertise fake generative artificial intelligence software loaded with malware.

According to researchers at the cybersecurity company Bitdefender, cybercrooks are taking advantage of the popularity of new generative AI tools and using “malvertising” to impersonate legitimate products like Midjourney, Sora AI, ChatGPT 5, and others.

The campaigns follow a certain blueprint. Cybercriminals take over a Facebook account and begin to make changes to the page’s descriptions, cover, and profile photo. According to Bitdefender, they make “the page seem as if it is run by well-known AI-based image and video generators.” They then populate the pages with purported product news and advertisements for software, which are themselves generated with AI software.

The downloads contain various types of info-stealing malware — like Rilide, Vidar, IceRAT, and Nova Stealers — which are available for purchase on the dark web, allowing unsophisticated cybercriminals to launch attacks. The campaigns have especially targeted European users from Germany, Poland, Italy, France, Belgium, Spain, the Netherlands, Romania, Sweden, and elsewhere, the researchers said, and have “tremendous reach through Meta’s sponsored ad system.”

The most notable Facebook page hijack involved the application Midjourney, a popular tool for creating AI-generated images. Its hijacked page had 1.2 million followers and was active for nearly a year before it was shut down earlier this month. According to Meta’s Ad Library catalog, the Midjourney page had an advertising reach of about half a million people from Europe. Since it was taken down, other hijacked Midjourney pages have popped up on Facebook, including one that as of March 26 already had 637,000 followers.

Meta did not respond to questions from Recorded Future News.

Since the launch of ChatGPT in late 2022, experts have sounded the alarm about the potential for AI tools to be abused by cybercriminals. Last week, former Secretary of State Hillary Rodham Clinton called AI and deepfake technology a “totally different type of threat.”

Employee Usage of Social Media in the Workplace

Guidelines for Social Media Use:
Employees should be aware of the risks associated with using social media, especially on company devices or networks. Here are some guidelines:

  • Avoid clicking on unknown links: Be cautious about clicking on advertisements or links that look suspicious.
  • Update security settings: Regularly update privacy and security settings on social media accounts to limit exposure to potential threats.
  • Report suspicious activity: Immediately report any suspicious ads, messages, or posts to the IT department.

Monitoring Social Media Activity
To ensure workplace security, it’s important to monitor social media usage. Here are some steps to take:

  • Implement monitoring software: Use security software that can track and log social media activity on company devices.
  • Conduct regular audits: Periodically review social media activity and logs for any signs of suspicious behavior or security breaches.
  • Educate employees: Provide training on the potential risks and best practices for safe social media usage.

By following these guidelines and monitoring social media activity, companies can help protect their networks and sensitive information from cyber threats.