Bitdefender has released new research on an active malvertising campaign that targets Facebook users. The campaign takes advantage of the demand for artificial intelligence (AI) software and services, such as ChatGPT, Midjourney, or Sora AI, to infect systems with information stealers.
The following are the primary discoveries of the investigation:
- Massive reach: It is estimated that millions of people may have been affected by the issue. For instance, a Facebook page posing as Midjourney has 1.2 million followers. Additionally, a single ad targeting European men (aged 25-55) reached 500,000 users.
- Modus operandi: Cybercriminals take over existing Facebook accounts and modify the page's settings to make it appear as if it is being run by a legitimate AI-powered software company. Once the page is set up, the criminals serve ads promoting AI services and software, along with calls to action to click on links that redirect to a malicious website or immediately start downloading information stealers to infect systems.
- Adaptability: Criminals frequently alter their payloads to reduce the risk of detection. Upon analysis, it was discovered that some of the accounts had been hijacked by criminals nearly a year prior, allowing them ample time to modify and refine their campaigns.
-
Tips for Facebook users:
-
Be vigilant: Be aware of and steer clear of ads that redirect you to another site or offer instant downloads.
- Check the source: Always verify the authenticity of sites and advertisements before interacting with them.