Fraudsters Exploit Facebook Ads to Spread Infostealer via Fake AI Photo Editor

Written by CyberPro  »  Updated on: November 19th, 2024


Cybercriminals are increasingly employing deceptive tactics to distribute malware, with a recent campaign demonstrating a sophisticated attack that exploits Facebook ads. By hijacking social media pages and masquerading as a legitimate AI photo editing tool, attackers are tricking users into downloading malware designed to steal sensitive information. This campaign, uncovered by Trend Micro researchers, highlights the growing threat of cyberattacks that leverage popular technology trends to deceive and defraud users.

Hijacking Facebook Pages for Malicious Facebook Ads

Researchers at Trend Micro have identified a new malvertising scheme in which attackers hijack Facebook pages to distribute malware. This campaign takes advantage of the popularity of AI technologies by promoting a fraudulent AI photo editor through paid Facebook Ads. The attackers use these ads to lure victims into downloading a seemingly legitimate utility, which is actually a disguise for the Lumma stealer—a type of infostealer designed to harvest sensitive information from users’ devices.

According to Trend Micro, the attackers first gain control of a Facebook page by sending phishing messages to its owner. These messages typically come from accounts with random names and appear as empty profiles. The phishing links lead to fake pages that request users to verify their information through a “Business Support Center” for Meta developers. This page, however, is a counterfeit that captures users’ login details and personal information. Once the attackers gain access to the page, they post ads promoting the AI photo editor, which redirects victims to a fake website that mimics a legitimate tool, such as Evoto.

Distribution and Targeting

The fake AI photo editor is designed to resemble the authentic software, making it difficult for users to distinguish between the real and fraudulent versions. When users download what they believe to be the photo editor, they are actually installing ITarian endpoint management software. This software is used by attackers to deploy the Lumma stealer, which is capable of capturing sensitive data, including login credentials, system information, and browser data.

The campaign has so far resulted in approximately 16,000 downloads on Windows systems and 1,200 on macOS. Notably, the macOS version of the malicious package redirects to the Apple website, suggesting that the attackers are primarily targeting Windows users with this campaign. The use of a legitimate utility in this manner, combined with the allure of AI technology, underscores the sophistication of modern phishing and malware distribution tactics.

Preventing and Mitigating Attacks

To protect themselves from such attacks, users and organizations need to adopt proactive security measures. Trend Micro advises individuals to enable multifactor authentication on their social media accounts to add an extra layer of security against unauthorized access. Regularly updating passwords and using unique, strong passwords for different accounts can also reduce the risk of compromise.

Organizations should implement ongoing education and awareness programs to help employees recognize phishing attempts and other malicious activities on social media. It is crucial for employees to be vigilant about suspicious messages and links, particularly when accessing corporate networks. Additionally, monitoring for unusual account behavior, such as unexpected login attempts or changes to account details, can help detect and mitigate potential threats.
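As an added example, not code from the article or from Trend Micro, the following Python flags the takeover sequence the article describes and the account monitoring it recommends: a login from a device and country the account has never used, followed within a short window by a sensitive change such as adding an admin or creating an ad campaign. The event schema, device names, country placeholder and timestamps are all constructed.

```python
"""Added example (not from the article or Trend Micro): flag the page-takeover
sequence described above, a login from a device/country pair the account has
never used, followed within a short window by a sensitive change such as a new
admin or a newly created ad campaign. Event format and values are constructed."""
from datetime import datetime, timedelta

# Constructed sample audit events for one page-admin account (hypothetical schema).
EVENTS = [
    {"ts": "2024-07-01T09:00:00", "type": "login", "device": "laptop-A", "country": "US"},
    {"ts": "2024-07-02T09:05:00", "type": "login", "device": "laptop-A", "country": "US"},
    {"ts": "2024-07-03T22:14:00", "type": "login", "device": "unknown-1", "country": "XX"},
    {"ts": "2024-07-03T22:21:00", "type": "admin_added", "actor_device": "unknown-1"},
    {"ts": "2024-07-03T22:30:00", "type": "ad_campaign_created", "actor_device": "unknown-1"},
    {"ts": "2024-07-04T08:00:00", "type": "login", "device": "laptop-A", "country": "US"},
]

# Devices the account owner is known to use (constructed baseline).
BASELINE = {("laptop-A", "US")}

# Changes an attacker makes after taking over a page (per the article: posting ads).
SENSITIVE = {"admin_added", "contact_email_changed", "password_changed", "ad_campaign_created"}


def detect_takeover(events, baseline, window_minutes=60):
    """Return one alert per sensitive change performed from a first-seen
    device within `window_minutes` of that device's first login."""
    seen = set(baseline)
    first_seen_logins = {}  # device -> timestamp of its first (unrecognised) login
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login":
            key = (ev["device"], ev["country"])
            if key not in seen:
                seen.add(key)
                first_seen_logins.setdefault(ev["device"], ts)
        elif ev["type"] in SENSITIVE:
            login_ts = first_seen_logins.get(ev.get("actor_device"))
            if login_ts is not None and timedelta(0) <= ts - login_ts <= timedelta(minutes=window_minutes):
                alerts.append({
                    "ts": ev["ts"],
                    "type": ev["type"],
                    "device": ev["actor_device"],
                    "minutes_after_login": int((ts - login_ts).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_takeover(EVENTS, BASELINE):
        print(f"ALERT {alert['ts']} {alert['type']} from {alert['device']} "
              f"{alert['minutes_after_login']} min after first-seen login")
```

Logins from baseline devices never raise alerts on their own; the rule fires only when a sensitive change follows an unrecognised login, which keeps noise low for legitimate owners while catching the post-takeover ad posting the article describes.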

In conclusion, the Trend Micro report highlights a growing trend of cybercriminals exploiting popular technology and social media platforms to distribute malware. By understanding these tactics and adopting robust security practices, users and organizations can better protect themselves from becoming victims of such sophisticated attacks.
