Deceptive AI Software Ads on Facebook: A Rising Cybersecurity Threat


August 29, 2023

Businesses that operate on Facebook need to be vigilant: according to the latest findings from cybersecurity specialists, attackers have devised a way to use the platform itself to distribute malware.

Trend Micro’s cybersecurity experts have shed light on a crafty scheme in which attackers misuse Facebook ads. The attackers exploit the burgeoning interest in Artificial Intelligence (AI) and Large Language Models (LLM) to lure businesses into downloading malicious software.

Trend Micro’s detailed report underlines the endgame of this campaign: to hijack the funds that businesses have earmarked for Facebook advertising. Once the attackers gain access, those funds can be spent on campaigns serving their own objectives.

Here’s the ruse in detail: The unidentified cybercriminals roll out Facebook advertisements touting fictitious software, which, they claim, can elevate productivity, broaden outreach, augment revenue, or even facilitate teaching. This software is purportedly backed by sophisticated AI technologies, with mentions of “Bard” – an AI chatbot developed by Google and not available in the European Union (EU) – and a nebulous “Meta AI”.


Victims are prompted to click a link within the ad to get the software. This link directs them to a landing page set up on Google Sites, where a conspicuous download button awaits. Clicking this button triggers the malware download, housed on reputable cloud storage platforms like Google Drive and Dropbox.

What might catch users off guard is the malware’s camouflage. It is an MSI file nestled within an encrypted archive protected by a simple password; because the archive is encrypted, antivirus software cannot inspect its contents, which helps the payload evade detection. If the victims proceed with the installation, they unwittingly introduce a malicious Chrome extension that masquerades as Google Translate. Contrary to its appearance, this extension steals sensitive data such as Facebook cookies and access tokens. The ultimate objective? To determine whether the compromised Facebook account manages a business page and holds funds reserved for Facebook ad campaigns. Once accessed, those funds serve the attackers’ own ends.
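The extension described above is detectable from its manifest alone: a "translation" extension has no reason to request the `cookies` permission together with host access to Facebook, and extensions sideloaded by an installer lack the `update_url` that Chrome Web Store packages carry. The heuristic below is an added illustration written for this article, not code from Trend Micro or from the campaign; the host list and the two sample manifests are constructed for the example.

```python
import fnmatch

# Facebook hosts an extension would need to reach to harvest session cookies or
# Graph API access tokens (constructed list for the heuristic; extend as needed).
FACEBOOK_HOSTS = ("www.facebook.com", "business.facebook.com",
                  "adsmanager.facebook.com", "graph.facebook.com")

def pattern_reaches_facebook(pattern: str) -> bool:
    """True if a Chrome match pattern such as '*://*.facebook.com/*' can reach Facebook."""
    if pattern == "<all_urls>":
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0]  # keep only the host part
    if host == "*":
        return True
    return any(fnmatch.fnmatch(h, host) for h in FACEBOOK_HOSTS)

def assess_manifest(manifest: dict) -> list:
    """Return heuristic findings for one extension manifest (empty list = nothing suspicious)."""
    findings = []
    name = str(manifest.get("name", "")).lower()
    perms = set(manifest.get("permissions", []))
    # MV3 keeps host patterns in host_permissions; MV2 mixes them into permissions.
    hosts = list(manifest.get("host_permissions", []))
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]
    for script in manifest.get("content_scripts", []):
        hosts.extend(script.get("matches", []))
    fb_hosts = sorted({h for h in hosts if pattern_reaches_facebook(h)})
    if "cookies" in perms and fb_hosts:
        findings.append("cookies permission plus Facebook host access: " + ", ".join(fb_hosts))
    if "translate" in name and fb_hosts:
        findings.append("translation-themed name but requests Facebook host access")
    if "update_url" not in manifest:
        findings.append("no update_url: likely sideloaded rather than installed from the Chrome Web Store")
    return findings

# Constructed sample manifests: a fake "Google Translate" shaped like the one the
# article describes, and a benign translator installed from the Web Store.
FAKE_TRANSLATE = {"manifest_version": 3, "name": "Google Translate",
                  "permissions": ["cookies", "storage", "tabs"],
                  "host_permissions": ["*://*.facebook.com/*", "https://graph.facebook.com/*"]}
BENIGN_TRANSLATOR = {"manifest_version": 3, "name": "Example Translator",
                     "permissions": ["storage", "activeTab"],
                     "host_permissions": ["https://translate.example.com/*"],
                     "update_url": "https://clients2.google.com/service/update2/crx"}
```

To check a real machine, run `assess_manifest` over every `manifest.json` under the Chrome profile's `Extensions` folder; any finding on a supposed translation extension is worth a closer look.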

While the perpetrators remain unidentified, a significant lead has emerged: Trend Micro researchers found Vietnamese keywords and script components within the malware, hinting at its possible origin.

Always exercise caution when dealing with unfamiliar software or links, even if they appear legitimate.

Saher Mahmood

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
