Beware of AI Application Ads on Facebook, Accounts Can Be Stolen
Morrissey Technology – The trend of using artificial intelligence (AI) has been spreading in recent times. Not surprisingly, many technology companies promote their AI products through advertisements on social media. However, users also need to be careful and not carelessly click on AI application advertisements on social media, especially Facebook. The reason is, a fake ad on Facebook targets users looking for an AI image editing tool and steals their credentials by tricking them into installing a fake application that imitates the original software.
According to Bleeping Computer, hackers are exploiting the popularity of AI-based image creation tools by creating malicious websites that closely resemble the original service and tricking potential victims into infecting themselves with information-stealing malware. This was discovered by Trend Micro researchers who analyzed the ad.
The attack began with a phishing message sent to the Facebook page owner or admin, which would redirect them to a fake account protection page designed to trick them into providing login information. After stealing their credentials, the perpetrators hijacked the accounts, took control of their pages, published malicious social media posts, and promoted them through paid advertising.
“We discovered a malvertising campaign involving threat actors stealing social media pages (often related to photography), changing their names to appear connected to a popular AI photo editor,” said Trend Micro researcher Jaromir Horejsi.
“The threat actor then created a malicious post with a link to a fake website that was made to resemble a legitimate photo editor website. To increase traffic, the perpetrator then boosted the malicious post through paid advertising,” he continued.
Facebook users who click on the URL in the malicious ad will be sent to a fake web page masquerading as genuine AI photo editing and creation software, and will then be asked to download and install a software package. Instead of installing AI image editing software, victims installed an ITarian remote desktop tool that was configured to launch a downloader that automatically deployed the Lumma Stealer malware.
This malware then silently infiltrates their systems, allowing hackers to collect and compromise sensitive information such as credentials, cryptocurrency wallet files, browser data, and password manager databases. This data is then sold to other cybercriminals or used by attackers to break into victims’ online accounts, steal their money, and promote further fraud.
“Users should enable multi-factor authentication (MFA) on all social media accounts to add an extra layer of protection against unauthorized access,” advises Horejsi.
“Organizations must educate their employees about the dangers of phishing attacks and how to recognize suspicious messages and links. Users should always verify the legitimacy of links, especially those that ask for personal information or login credentials,” he continued.