Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Fake AI Facebook ads are luring in businesses to have their data stolen

facebook

Hackers are trying to trick businesses with a Facebook presence to install malware, cybersecurity researchers have revealed. 

Cybersecurity researchers from Trend Micro recently published an in-depth analysis of a campaign leveraging Facebook ads, and tapping into the Artificial Intelligence (AI) and Large Language Models (LLM) trends, to trick businesses into installing malware.

In its report, the team says the ultimate goal of the malware is to grant its masters access to the budget these firms set aside for Facebook advertising so that they can use it to further their own malicious goals.

Meta AI

In the campaign, unnamed threat actors created Facebook ads that promoted fake software designed to boost productivity, increase reach and revenue, or assist in teaching. This software was advertised as being powered by AI, including Bard - Google’s AI-powered chatbot that’s currently unavailable in the European Union (EU), and something called “Meta AI”. 

To access the software, the victims were invited to click on the link provided in the ad copy. The link leads the victims to a landing page hosted on Google Sites, which holds a download button. Pressing the button initiates the download of malware stored on Google Drive, Dropbox, and similar legitimate cloud storage solutions. 

The malware - a single MSI file - was hidden in an encrypted archive with a simple password, which allowed it to bypass antivirus programs. Victims who take the bait and install the software on their endpoints will get a malicious Chrome extension that impersonates Google Translate. In reality, the malware steals Facebook cookies, access tokens, and other information, all with the goal of assessing whether the victim’s Facebook account has access to a company page, and has funds preloaded to use in running Facebook ad campaigns. Ultimately, the funds would be used by the hackers to advertise their own goals.

While the identity of the threat actors was not disclosed, the researchers found several keywords and variables in the malicious script in Vietnamese. 

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.