
Cybercriminals are hijacking Facebook AI editor ads to launch a new campaign of ‘malvertising’. These deceptive campaigns are designed to lure unsuspecting users into downloading malware disguised as cutting-edge AI tools.

Trend Micro discovered this latest malvertising campaign. Their researchers found that the attackers were hijacking already popular pages typically related to photography.

They would then change the page names to make the pages seem connected to popular AI photo editors, create posts linking to fake websites made to mimic the websites of legitimate photo editors, and boost traffic to those posts with paid ads.


The cybercriminal first sends a phishing message to the administrator of the Facebook page they are targeting. The administrator is then asked to verify their personal information on a fake account protection page.


In doing so, the target has provided all the necessary information for the attacker to steal their profile and attached Facebook page and begin posting malicious ads.

The ads promise incredible capabilities, such as advanced text generation, image creation, or even personal assistants, for free or at seemingly irresistible prices. 

Clicking one of these malicious ads will lead to a fake website that prompts users to input credentials and download the advertised software.

In reality, the website will then deposit malware onto the user's device. This malicious software is dangerous for a number of reasons, including:

Data theft

Malicious software uses various techniques to steal data, depending on the information it is targeting. Keylogging involves recording every keystroke made on the infected device. This captures everything from sensitive information like passwords and credit card numbers to personal information sent in messages and emails. Once the keystrokes are captured, they are typically stored on the infected device or transmitted to a remote server controlled by the attacker.

Form grabbing is another technique, in which malware intercepts data entered into online forms, such as login credentials and payment details. When a user fills out a web form, the data is normally sent to a secure server. A form grabber, however, intercepts this data before it reaches the server. The malware then extracts the relevant data from the form, such as usernames, passwords, or credit card details, and transmits it to a remote server.

Information-stealing trojans are designed to infiltrate computer systems and steal sensitive data. They are among the most dangerous threats to individuals and organizations alike. These trojans operate covertly and, once installed, begin to scour the system for valuable information, including financial and personal information as well as corporate data and intellectual property.

System damage

Malicious software downloaded from ads can cause significant damage to your system. The malware deposited can corrupt important files and programs on your system, rendering them completely unusable.

Malware can cause your entire system to become unstable, leading to crashes, freezes, and other unexpected behavior. As part of this process the malware can also slow down your system by consuming resources.

The deposited malware can also be used as a way in for more sophisticated scams. It can make your system more vulnerable to further attacks by creating hidden backdoors that cybercriminals can exploit, as well as by disabling security software without the user's knowledge.

Financial loss

Malware often steals personal information like social security numbers, credit card details, and bank account information. This data can be used for identity theft, leading to fraudulent transactions and unauthorized purchases.

Some malware targets online banking credentials, allowing cybercriminals to transfer funds out of your accounts. It can also steal cryptocurrency wallets and private keys, resulting in the loss of digital assets which cannot be recovered.

How to protect yourself from fake Facebook ads

Fake Facebook ads are becoming increasingly common, so it's important to be vigilant. The best thing to do is avoid clicking ads altogether. 

If an offer seems too good to be true, it probably is. Beware of ads that pressure you to act immediately or those boasting limited-time offers. 

Before making a purchase or inputting your information, research the advertiser thoroughly. Look for reviews, contact information, and a physical address. Always inspect the URL before clicking to ensure it leads to a legitimate website, and avoid shortened links, as these can be duplicitous.
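The URL inspection described above can be partly automated. The following Python is an added example, not part of the original article or of Trend Micro's research; the function name `inspect_link`, the placeholder domains in `TRUSTED`, and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: domains the reader has verified through independent research.
# These are constructed placeholders, not real vendors.
TRUSTED = {"photoeditor.example", "aitools.example"}
# A few widely used link shorteners; the destination is hidden until clicked.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}


def inspect_link(url: str) -> list[str]:
    """Return warnings for a link taken from an ad; an empty list means no flags."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable"]
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["unparseable"]

    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # "https://trusted.example@other.test/" really leads to other.test
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    if host in SHORTENERS:
        warnings.append("shortened-link")

    # Exact match or a true subdomain of a verified domain: nothing more to check.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return warnings
    warnings.append("unverified-domain")
    for t in sorted(TRUSTED):
        if t in host:
            # Verified name used as a prefix of some other registrable domain.
            warnings.append(f"trusted-name-embedded:{t}")
        elif SequenceMatcher(None, host, t).ratio() >= 0.8:
            # Near-identical spelling, e.g. a digit swapped for a letter.
            warnings.append(f"lookalike:{t}")
    return warnings
```

An empty result only means none of these checks fired; it does not replace researching the advertiser.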


If you see an ad that raises red flags, report it to Facebook to help stop cybercriminals in their tracks and reduce the risk to other, less tech-savvy users. To report an ad when you see it, click the three dots on the top right of the ad. Click ‘report ad’ and follow Facebook’s instructions.

To report an ad later on, navigate to the ‘Meta Ad Library’. Search their database until you find the ad you were suspicious of. Click the three dots on the top right of the ad. Click ‘report ad’ and follow Facebook’s instructions.