Businesses that operate on Facebook need to be vigilant, as hackers have devised a method to use the platform to distribute malware, according to the latest findings from cybersecurity specialists.
Trend Micro’s cybersecurity experts have shed light on a crafty scheme in which attackers misuse Facebook ads. The attackers exploit the burgeoning interest in Artificial Intelligence (AI) and Large Language Models (LLMs) to lure businesses into downloading malicious software.
The detailed report from Trend Micro underlines the endgame of this nefarious campaign: to hijack the funds earmarked by businesses for Facebook advertising. Once accessed, these funds can be used to further the hackers’ own sinister objectives.
Here’s the ruse in detail: The unidentified cybercriminals roll out Facebook advertisements touting fictitious software, which, they claim, can elevate productivity, broaden outreach, augment revenue, or even facilitate teaching. This software is purportedly backed by sophisticated AI technologies, with mentions of “Bard” – an AI chatbot developed by Google and not available in the European Union (EU) – and a nebulous “Meta AI”.
Victims are prompted to click a link within the ad to get the software. This link directs them to a landing page set up on Google Sites, where a conspicuous download button awaits. Clicking this button triggers the malware download, housed on reputable cloud storage platforms like Google Drive and Dropbox.
What might catch users off guard is the malware’s camouflage. It’s an MSI file nestled within an encrypted archive, secured with an elementary password. This guise helps it evade detection by antivirus software. If the victims proceed to install this software, they unwittingly introduce a malevolent Chrome extension that masquerades as Google Translate. Contrary to its appearance, this extension pilfers vital information like Facebook cookies and access tokens. The ultimate objective? To determine if the compromised Facebook account oversees a business page and has funds reserved for Facebook ad campaigns. These funds, once accessed, serve the ulterior motives of the cyber attackers.
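For defenders, the behaviour described above suggests a simple triage check over the extension folders on a workstation. The following is an added example, not code from Trend Micro's report: it flags any `manifest.json` whose name claims to be Google Translate without the Chrome Web Store update URL, or which pairs the `cookies` permission with Facebook host access. The finding labels, sample manifests and both heuristics are assumptions made for illustration.

```python
import json
import re
from pathlib import Path

# Update URL that Chrome Web Store packages carry in their manifest.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BRAND = re.compile(r"google\s*translate", re.I)
FB_HOST = re.compile(r"<all_urls>|\*://\*/|facebook\.com", re.I)

# Constructed sample manifests (not taken from the campaign).
SAMPLE_FAKE = {"manifest_version": 3, "name": "Google Translate",
               "version": "1.0", "permissions": ["cookies", "tabs"],
               "host_permissions": ["*://*.facebook.com/*"]}
SAMPLE_STORE = {"manifest_version": 3, "name": "Notes helper",
                "version": "2.1", "update_url": WEBSTORE_UPDATE_URL,
                "permissions": ["storage"]}

def audit_manifest(manifest):
    """Return heuristic findings for one parsed manifest.json."""
    findings = []
    name = str(manifest.get("name", ""))
    from_store = manifest.get("update_url") == WEBSTORE_UPDATE_URL
    # Localised names ("__MSG_...__") are not resolved here.
    if BRAND.search(name) and not from_store:
        findings.append("brand-name-sideloaded")
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    hosts = perms + [h for h in manifest.get("host_permissions", [])
                     if isinstance(h, str)]
    # chrome.cookies needs "cookies" plus a matching host pattern.
    if "cookies" in perms and any(FB_HOST.search(h) for h in hosts):
        findings.append("facebook-cookie-access")
    return findings

def scan(root):
    """Audit every manifest.json under root; return {path: findings}."""
    results = {}
    for path in Path(root).rglob("manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        hits = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    for sample in (SAMPLE_FAKE, SAMPLE_STORE):
        print(sample["name"], audit_manifest(sample))
```

Both checks are triage heuristics rather than proof of provenance, so a hit is a lead for manual review of the extension, not a verdict.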
While the perpetrators remain unidentified, a significant lead has emerged. Trend Micro researchers stumbled upon Vietnamese keywords and script components within the malware, hinting at its possible origin.
Always exercise caution when dealing with unfamiliar software or links, even if they appear legitimate.