In a concerning development, hackers have exploited Facebook’s advertising platform and hijacked pages to promote counterfeit Artificial Intelligence (AI) services, leading to the infection of over 1.2 million unsuspecting users with password-stealing malware.
The malvertising campaigns utilize hijacked Facebook profiles posing as legitimate AI services, enticing users with promises of exclusive previews of new features. Upon falling for the ads, users are directed to fraudulent Facebook communities where threat actors post seemingly legitimate content to lend credibility to the pages.
However, these communities serve as a gateway to malware, offering users limited-time access to purported upcoming AI services. Users are then tricked into downloading malicious executables, infecting their Windows computers with information-stealing malware such as Rilide, Vidar, IceRAT, and Nova.
The extent of these campaigns is alarming, with one malicious Facebook page impersonating MidJourney amassing 1.2 million followers over nearly a year before being shut down. Despite efforts to combat these threats, attackers swiftly establish new pages impersonating legitimate AI services, underscoring the sophistication and persistence of their tactics.
The attackers target a specific demographic of men aged 25 to 55 in European countries, primarily Germany, Poland, Italy, France, Belgium, Spain, the Netherlands, Romania, and Sweden. Instead of using conventional file-sharing platforms, the operators set up clone sites mimicking official landing pages to distribute malware via deceptive links.
This wave of malvertising highlights the urgent need for heightened vigilance when engaging with online advertisements, and for social media platforms to bolster moderation efforts to curb the proliferation of malware. Left unaddressed, these issues risk widespread damage from malware infections, which underscores the critical importance of user awareness and platform security in combating cyber threats.