Hackers are exploiting Facebook ads to distribute password-stealing malware targeting Windows PCs, as reported by BleepingComputer. Security researchers at Trustwave have identified several new campaigns, that employ counterfeit Windows themes and pirated games and software downloads as lures. The hackers either establish new Facebook business accounts or seize existing ones to execute these campaigns.
Tactics
Thousands of malicious ads launched in individual campaigns
Trustwave’s report discloses that hackers have initiated thousands of advertisements for each individual campaign. For instance, the leading campaign named “blue-softs” launched 8,100 ads while “xtaskbar-themes” released 4,300 ads. Clicking on these deceptive ads can redirect potential victims to malicious sites hosted on Google Sites or True Hosting, which masquerade as download pages for the advertised themes or software.
Malware disguise
Malware disguised as downloadable files in deceptive ads
The download button on these malicious sites triggers a ZIP file download, with a name corresponding to the advertised product. However, these ZIP files actually harbor the SYS01 info-stealing malware, first identified by cybersecurity firm Morphisec in 2022. This malware uses a mix of executables, dynamic-link library (DLL) files, PowerShell scripts, and PHP scripts to install itself and pilfer data from targeted Windows PCs.
You’re 50% through
Data theft
SYS01 malware steals personal data from infected devices
SYS01 malware is capable of stealing browser cookies, stored passwords, and browsing history. It also comprises a task that uses Facebook cookies on an infected device to extract data from a victim’s profile. This data includes the victim’s name, birthday, email, and more on the social network. Trustwave has also observed similar malvertising campaigns on YouTube and LinkedIn, suggesting that even non-Facebook users need to exercise caution.
User protection
Safety measures against malvertising campaigns
To safeguard against such campaigns, it is advised not to click on ads as hackers can purchase ad space just like legitimate businesses. The FBI even recommends using an ad-blocker. If an ad for a product or service piques your interest, it’s safer to search for the item directly on a search engine or the company’s site. Utilizing top-notch antivirus software can also offer protection against potential malware or viruses spread through ads.
