Facebook ads for this fake AI image editor were just an excuse to infect your PC with malware

(Image credit: Pixabay) (Image credit: Shutterstock)

Attackers have been abusing the popularity of AI image editing tools to trick users into installing applications that mimic legitimate tools that are loaded with malware.

The campaign uses hijacked Facebook accounts to push the applications on social media using paid advertising to spread the malware.

Facebook malvertising

Jaromir Horejsi, a threat researcher for Trend Micro who analyzed the campaign, said “We discovered a malvertising campaign involving a threat actor that steals social media pages, changing their names to make them seem connected to popular AI photo editors. The threat actor then creates malicious posts with links to fake websites made to resemble the actual website of the legitimate photo editor. To increase traffic, the perpetrator then boosts the malicious posts via paid ads” (via BleepingComputer).

The software package that the victims install is not the AI image editor, and is instead the Itarian remote desktop tool which then launches a downloader on the victims device that installs the Lumma Stealer malware. This malware covertly sniffs through the victims files in search of valuable data, such as cryptocurrency wallet files, credentials, password manager files, and browser data.

This data is then sold on the dark web, or used to take over other accounts using compromised credentials in order to promote more scams.

In response to the campaign, Horejsi provided some ways to stay safe from the campaign, stating, “Users should enable multi-factor authentication (MFA) on all social media accounts to add an extra layer of protection against unauthorized access. Organizations should educate their employees on the dangers of phishing attacks and how to recognize suspicious messages and links. Users should always verify the legitimacy of links, especially those asking for personal information or login credentials.”

More from TechRadar Pro

Here is our guide to the best anonymous browsers
Report finds macOS fares worse than Windows and Linux at preventing cyber attacks
These are the best firewalls around right now

TOPICS

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.