Hackers are trying to trick businesses with a Facebook presence into installing malware, cybersecurity researchers have revealed.
Trend Micro cybersecurity researchers recently released an in-depth analysis of a campaign that leverages Facebook Ads and taps into Artificial Intelligence (AI) and Large Language Model (LLM) trends to induce businesses to install malware.
In its report, the team says the malware's ultimate goal is to grant its masters access to the budget these companies have set aside for Facebook advertising so they can use it to further their own malicious goals.
In the campaign, unnamed threat actors created Facebook ads promoting fake software designed to boost productivity, increase reach and revenue, or assist in teaching. This software has been advertised as AI-based, including Bard, Google’s AI-powered chatbot not currently available in the European Union (EU), and something called “Meta AI”.
To access the software, victims were instructed to click on the link provided in the ad text. The link leads victims to a landing page hosted on Google Sites, which contains a download button. Pressing the button starts the download of malware stored on Google Drive, Dropbox and similar legitimate cloud storage solutions.
The malware, a single MSI file, was hidden in an archive encrypted with a simple password, which allowed it to bypass antivirus programs. Victims who take the bait and install the software on their endpoints will receive a malicious Chrome extension that mimics Google Translate. In reality, the malware steals Facebook cookies, access tokens, and other information, all with the goal of assessing whether the victim’s Facebook account has access to a business page and has preloaded funds to use for executing Facebook advertising campaigns. Eventually, the funds would be used by the hackers to advertise their goals.
While the identities of the threat actors were not disclosed, the researchers found several Vietnamese keywords and variables in the malicious script.
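For defenders, the fake Google Translate extension described above is something an endpoint audit can look for. The following is an added example, not code from the Trend Micro report: it assumes the parsed contents of a Chrome profile's Preferences file, and the sample profile data, extension IDs, paths and matching heuristics are all constructed for illustration.

```python
import json

# Assumption: heuristics chosen for this example, not indicators from the report.
LOOKALIKE_NAME = "google translate"
RISKY_HOSTS = ("facebook.com", "<all_urls>", "*://*/*")


def audit_extensions(prefs):
    """Flag extensions that claim to be Google Translate but were not
    installed from the Chrome Web Store (i.e. sideloaded by an installer)."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        name = manifest.get("name", "")
        if LOOKALIKE_NAME not in name.lower():
            continue  # not impersonating the brand we care about
        if entry.get("from_webstore", False):
            continue  # store-installed copy, out of scope for this check
        grants = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        grants = [g for g in grants if isinstance(g, str)]
        findings.append({
            "id": ext_id,
            "name": name,
            "path": entry.get("path", ""),
            # Cookie access plus Facebook host access matches the theft described.
            "cookie_access": "cookies" in grants,
            "risky_hosts": [g for g in grants if any(h in g for h in RISKY_HOSTS)],
        })
    return findings


# Constructed sample profile data (IDs and paths are placeholders).
SAMPLE_PREFS = {"extensions": {"settings": {
    "a" * 32: {"from_webstore": True, "path": "a" * 32 + "/1.0_0",
               "manifest": {"name": "Google Translate", "permissions": ["activeTab"]}},
    "b" * 32: {"from_webstore": False, "path": "C:\\ProgramData\\ext-placeholder",
               "manifest": {"name": "Google Translate",
                            "permissions": ["cookies", "tabs"],
                            "host_permissions": ["*://*.facebook.com/*"]}},
    "c" * 32: {"from_webstore": False, "path": "C:\\dev\\my-extension",
               "manifest": {"name": "Internal Dev Tool", "permissions": ["storage"]}},
}}}

if __name__ == "__main__":
    print(json.dumps(audit_extensions(SAMPLE_PREFS), indent=2))
```

A hit is a lead for investigation rather than a verdict, since legitimately developer-loaded extensions also show up as not installed from the store.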