Cybercriminals have now begun using Facebook advertisements to spread password-stealing malware designed only for Windows PCs. According to security researchers from Trustwave, this malware is being propagated by some rogue advertisements tricking users into downloading malicious software.
According to BleepingComputer, these campaigns come with various evil techniques to attract victims, some of which are fake promotions related to Windows themes and pirated software downloads. In that respect, the advertisements spread through newly registered business accounts on Facebook or hijack other existing ones, hence deceiving users into thinking that they are legitimate.
Researchers at Trustwave have found that criminals operating these campaigns posted thousands of ads. The most prolific, a campaign called “blue-softs,” ran 8,100 ads, with another, “xtaskbar-themes” running 4,300 ads. Their ads redirect users to a malicious site, commonly, Google Sites or True Hosting, which appears to be legitimate download pages.
These arrive inside downloaded files, typically ZIP archives, which contain the SYS01 information-stealing malware. First detected by Morphisec in 2022, this malware utilized a combination of executables, DLL files, PowerShell scripts, and PHP scripts to infect and steal data from infected systems. The types of data that SYS01 can steal include browser cookies, stored passwords, and browsing history. It is also able to harvest the victim’s details, such as names, emails, and birthdays from their profiles, using Facebook cookies.
Even the users who do not frequent Facebook very often are not spared, since similar malvertising campaigns hit YouTube and LinkedIn. Trustwave underlined being vigilant because of the inherent nature of social media, which makes the threat much greater due to their widespread deployment.
Experts will advise users not to click the ad at all to be safe from these threats. Hackers can easily buy ad space, so it is always wise to avoid touching any online ad. Instead, the user should go straight to the website of the company, or use search engines to get what they need. Also, robust antivirus software can help safeguard against malware and other cyber threats.
Both Google and Facebook are putting a lot of effort into fighting back, but still, users need to be very, very careful. Avoid downloading content from unknown sources, and be also very careful when interacting with web advertisements.
The various activities of the long-running SYS01 advertisement campaign served as a reminder to users to be more aware when working online. As noted in Trustwave’s report, there has been a change in the delivery vector from more risqué clickbait, which only has specific appeal to adult audiences, to more general audience-oriented ad categories like window themes and AI-based software tools.
In other words, as malvertising across major social media platforms such as Facebook, YouTube, and LinkedIn increases, one will have to be more proactive about online security. It requires being aware of the threat and thus being more careful to avoid falling into the trap set by such advanced cyber threats.