Deceptive AI Software Ads on Facebook: A Rising Cybersecurity Threat


August 29, 2023

Businesses that operate on Facebook need to be vigilant, as hackers have devised a method to use the platform to distribute malware, according to the latest findings from cybersecurity specialists.

Trend Micro’s cybersecurity experts have shed light on a crafty scheme in which attackers misuse Facebook ads. The attackers exploit the burgeoning interest in Artificial Intelligence (AI) and Large Language Models (LLMs) to lure businesses into downloading malicious software.

The detailed report from Trend Micro underlines the endgame of this nefarious campaign: to hijack the funds earmarked by businesses for Facebook advertising. Once accessed, these funds can be used to further the hackers’ own sinister objectives.

Here’s the ruse in detail: The unidentified cybercriminals roll out Facebook advertisements touting fictitious software, which, they claim, can elevate productivity, broaden outreach, augment revenue, or even facilitate teaching. This software is purportedly backed by sophisticated AI technologies, with mentions of “Bard” – an AI chatbot developed by Google and not available in the European Union (EU) – and a nebulous “Meta AI”.


Victims are prompted to click a link within the ad to get the software. This link directs them to a landing page set up on Google Sites, where a conspicuous download button awaits. Clicking this button triggers the malware download, housed on reputable cloud storage platforms like Google Drive and Dropbox.

What might catch users off guard is the malware’s camouflage. It is an MSI file packed inside an encrypted archive that is protected by a simple password, a disguise that helps it evade detection by antivirus software. If victims proceed to install the software, they unwittingly introduce a malicious Chrome extension that masquerades as Google Translate. Contrary to its appearance, this extension steals sensitive information such as Facebook cookies and access tokens. The ultimate objective? To determine whether the compromised Facebook account oversees a business page and has funds reserved for Facebook ad campaigns. These funds, once accessed, serve the ulterior motives of the attackers.
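As an added example (not from Trend Micro's report or this article's author), a defender can audit installed Chrome extension manifests for the pattern described above: an extension using the Google Translate name that did not come from the Web Store and that can read Facebook cookies. The `cookies` permission and host-pattern checks are assumptions about how such an extension would be declared, and the sample manifests are constructed.

```python
import json
from pathlib import Path

# Assumption: Web Store installs carry this update_url in manifest.json;
# sideloaded or unpacked extensions usually lack it.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest_text):
    """Return sorted finding tags for one extension manifest.json."""
    m = json.loads(manifest_text)
    if not isinstance(m, dict):
        return []
    name = str(m.get("name", "")).lower()
    perms = [p for p in m.get("permissions", []) if isinstance(p, str)]
    # MV2 keeps host patterns in "permissions", MV3 in "host_permissions".
    hosts = perms + list(m.get("host_permissions", []))
    for script in m.get("content_scripts", []):
        hosts += script.get("matches", [])
    findings = []
    # Literal name check only; localized "__MSG_...__" names are not resolved.
    if "google translate" in name and m.get("update_url") != WEBSTORE_UPDATE_URL:
        findings.append("impersonation")
    reaches_fb = any(h in BROAD_HOSTS or "facebook.com" in h for h in hosts)
    if "cookies" in perms and reaches_fb:
        findings.append("fb_cookie_access")
    return sorted(findings)

def scan_dir(root):
    """Audit every manifest.json under root (e.g. a profile's Extensions dir)."""
    report = {}
    for path in Path(root).rglob("manifest.json"):
        try:
            tags = audit_manifest(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if tags:
            report[str(path)] = tags
    return report

# Constructed sample manifests (not taken from the real campaign).
SAMPLE_SIDELOADED = json.dumps({
    "manifest_version": 3, "name": "Google Translate", "version": "1.0",
    "permissions": ["cookies", "tabs"],
    "host_permissions": ["*://*.facebook.com/*"]})
SAMPLE_STORE = json.dumps({
    "manifest_version": 3, "name": "Dictionary Helper", "version": "2.1",
    "update_url": WEBSTORE_UPDATE_URL, "permissions": ["storage"]})
```

A hit from `scan_dir` is a lead for manual review rather than a verdict, since legitimate unpacked or enterprise-deployed extensions can also lack the Web Store `update_url`.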

While the perpetrators remain unidentified, a significant lead has emerged. Trend Micro researchers stumbled upon Vietnamese keywords and script components within the malware, hinting at its possible origin.

Always exercise caution when dealing with unfamiliar software or links, even if they appear legitimate.




Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
