Cybercriminals Exploit Facebook AI Editor Ads in Malvertising Campaign

Cybercriminals are leveraging Facebook AI editor ads to launch a new wave of ‘malvertising’ campaigns, tricking unsuspecting users into downloading malware disguised as advanced AI tools.

This latest malvertising scheme was uncovered by Trend Micro. Its researchers found that attackers are hijacking popular Facebook pages, typically those related to photography. After taking over these pages, the criminals change the page names to appear connected to well-known AI photo editors. They then create posts with links to counterfeit websites mimicking legitimate photo editor sites and amplify the reach of these posts using paid advertisements.

The attack begins with a phishing message sent to the administrator of the targeted Facebook page, urging them to verify their personal information on a fake account protection page. By complying, the administrator unwittingly hands over all the necessary details for the attacker to steal their profile and associated Facebook page, which the attacker then uses to post malicious ads.

These ads promise remarkable features, such as advanced text generation, image creation, or even personal assistants, for free or at seemingly unbeatable prices. Clicking on these ads directs users to fake websites that prompt them to enter credentials and download the advertised software. In reality, these websites deposit malware onto the user’s device.

This malware poses several significant risks:

Data Theft

  • Keylogging: Records every keystroke made on the infected device, capturing sensitive information like passwords and credit card numbers. This data is either stored on the infected device or transmitted to a remote server controlled by the attacker.
  • Form Grabbing: Intercepts data entered into online forms, such as login credentials and payment details, before it reaches the secure server.
  • Information Stealing Trojans: These are designed to covertly infiltrate computer systems and steal sensitive data, including financial information, personal data, corporate information, and intellectual property.

System Damage

  • File Corruption: Malware can corrupt crucial files and programs, rendering them unusable.
  • System Instability: Causes crashes, freezes, and other unexpected behaviors, slowing down the system by consuming resources.
  • Security Vulnerabilities: Creates hidden backdoors for further attacks and disables security software without the user’s knowledge.

Financial Loss

  • Identity Theft: Steals personal information like social security numbers, credit card details, and bank account information, leading to fraudulent transactions and unauthorized purchases.
  • Banking Credentials: Targets online banking details, allowing cybercriminals to transfer funds out of accounts or steal cryptocurrency wallets and private keys.

Protecting Yourself from Fake Facebook Ads

Given the rise of fake Facebook ads, it’s crucial to stay vigilant:

  • Avoid Clicking Ads: If an offer seems too good to be true, it probably is.
  • Beware of Urgency: Ads that pressure you to act immediately or claim limited-time offers should be approached with caution.
  • Research Thoroughly: Before making a purchase or entering your information, research the advertiser. Look for reviews, contact information, and a physical address.
  • Inspect URLs: Always check the URL before clicking to ensure it leads to a legitimate website, and avoid shortened links, which can be deceptive.

If you encounter a suspicious ad, report it to Facebook to help stop cybercriminals and protect other users. To report an ad:

  1. Directly from the Ad:
    • Click the three dots on the top right of the ad.
    • Select ‘Report ad’ and follow Facebook’s instructions.
  2. Through Meta Ad Library:
    • Search for the ad in the database.
    • Click the three dots on the top right of the ad.
    • Select ‘Report ad’ and follow Facebook’s instructions.

By staying informed and cautious, you can protect yourself and others from falling victim to these malicious schemes.