Facebook Ads are using Malware to Steal Data from Businesses

Facebook Ads are an effective advertising channel, but hackers are now using them to trick businesses with a Facebook presence into installing malware.

Cybersecurity researchers from Trend Micro recently published an in-depth analysis of a campaign that uses Facebook ads and taps into the Artificial Intelligence (AI) and Large Language Model (LLM) trends to trick businesses into installing malware. The report reveals that the goal of the malware is to give its operators access to the budget these firms set aside for Facebook advertising, so that they can use it for their own purposes.

Source: Trend Micro 

Meta AI 

During the campaign, the operators created Facebook ads promoting software that claimed to enhance productivity, expand online reach and income, or assist in educational endeavors. The ads also claimed that this software was powered by artificial intelligence, including Bard, Google's AI chatbot that is not currently available in the European Union (EU), and something called "Meta AI."

To obtain this software, unsuspecting people were enticed to click on the link provided in the ad description. This link took them to a landing page hosted on Google Sites, where they encountered a download button. When they clicked on this button, it led to the download of malware that was stored on cloud storage platforms like Google Drive, Dropbox, and others. 

The malware was a disguised MSI file hidden within an encrypted, password-protected archive, a technique that allowed it to avoid detection by antivirus programs. Those who fell into this trap and installed the software on their devices ended up with a Chrome extension pretending to be Google Translate. The malware stole Facebook cookies, access tokens, and other sensitive information to determine whether the victim's Facebook account had access to a company page and contained funds for running Facebook ad campaigns. In the end, the hackers planned to use these funds for their own goals.

The hackers behind this campaign have not been identified. Keywords and variables written in Vietnamese have been detected in the code.
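A defender's check for the extension behaviour described above, as an added example that is not from Trend Micro's report or from this post: it reads the manifests in a Chrome profile's Extensions folder and flags any extension that names itself Google Translate without being in your trusted inventory, or that holds the `cookies` permission with host access covering facebook.com. The function names, the `trusted_ids` inventory and the watch-list constants are assumptions chosen for illustration.

```python
import json
from pathlib import Path

WATCHED_NAME = "google translate"  # assumed watch-list entry: the imitated brand
SENSITIVE_HOST = "facebook.com"    # assumed: site whose cookies/tokens matter
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def display_name(manifest, version_dir):
    """Resolve the name, following a __MSG_key__ reference into _locales."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        path = Path(version_dir, "_locales", locale, "messages.json")
        try:
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
            by_key = {k.lower(): v for k, v in messages.items()}
            return str(by_key[name[6:-2].lower()]["message"])
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            return name  # unresolved placeholder: keep the raw name
    return name


def assess(ext_id, manifest, version_dir, trusted_ids):
    """Return the reasons an extension needs review; an empty list means none."""
    reasons = []
    name = display_name(manifest, version_dir).lower()
    if WATCHED_NAME in name and ext_id not in trusted_ids:
        reasons.append("claims to be Google Translate but ID is not trusted")
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    perms = [p for p in perms if isinstance(p, str)]  # skip object-style entries
    hosts = [p for p in perms if SENSITIVE_HOST in p or p in BROAD_HOSTS]
    if "cookies" in perms and hosts:
        reasons.append("cookies permission with host access covering facebook.com")
    return reasons


def scan_profile(extensions_dir, trusted_ids):
    """Check every <id>/<version>/manifest.json under a Chrome Extensions folder."""
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            reasons = assess(ext_id, manifest, path.parent, trusted_ids)
        except (OSError, ValueError, TypeError, AttributeError):
            reasons = ["manifest could not be parsed"]
        if reasons:
            findings[ext_id] = reasons
    return findings
```

Call `scan_profile` with the path to a profile's Extensions folder and the set of extension IDs your organisation has approved. It only sees extensions stored under that folder; where this campaign placed its extension on disk is not stated here.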
