Fake AI Facebook ads are luring in businesses to have their data stolen

(Image credit: 123RF)

Hackers are trying to trick businesses with a Facebook presence to install malware, cybersecurity researchers have revealed. 

Cybersecurity researchers from Trend Micro recently published an in-depth analysis of a campaign leveraging Facebook ads, and tapping into the Artificial Intelligence (AI) and Large Language Models (LLM) trends, to trick businesses into installing malware.

In its report, the team says the ultimate goal of the malware is to grant its masters access to the budget these firms set aside for Facebook advertising so that they can use it to further their own malicious goals.

Meta AI

In the campaign, unnamed threat actors created Facebook ads that promoted fake software designed to boost productivity, increase reach and revenue, or assist in teaching. This software was advertised as being powered by AI, including Bard - Google’s AI-powered chatbot that’s currently unavailable in the European Union (EU), and something called “Meta AI”. 

To access the software, the victims were invited to click on the link provided in the ad copy. The link leads the victims to a landing page hosted on Google Sites, which holds a download button. Pressing the button initiates the download of malware stored on Google Drive, Dropbox, and similar legitimate cloud storage solutions. 

The malware - a single MSI file - was hidden in an encrypted archive with a simple password, which allowed it to bypass antivirus programs. Victims who take the bait and install the software on their endpoints will get a malicious Chrome extension that impersonates Google Translate. In reality, the malware steals Facebook cookies, access tokens, and other information, all with the goal of assessing whether the victim’s Facebook account has access to a company page, and has funds preloaded to use in running Facebook ad campaigns. Ultimately, the funds would be used by the hackers to advertise their own goals.

While the identity of the threat actors was not disclosed, the researchers found several keywords and variables in the malicious script in Vietnamese. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.