Researchers have discovered Facebook ads promoting fake Windows themes that hide malware; downloading these files would lead to the user's computer being infected. This new campaign tries to trick users into installing malware that can steal sensitive information from the computer where it is installed, which may give attackers access to accounts and more.
The malware, which researchers describe as an 'infostealer,' was first detected back in mid-2022 but has evolved since then.
Facebook Ads Bring Fake Windows Themes Hiding Malware
The cybersecurity research firm Trustwave released a new report on a campaign in which hackers brought existing malware to Facebook ads, hiding it behind Windows themes and other programs. According to the security team, the campaign uses the infostealer known as 'SYS01 stealer,' a threat that first manifested in 2022.
SYS01 is similar to other infostealers, but according to this latest discovery it has been improved in its detection evasion and its targeting. The improved variant of the infostealer can also determine whether it is being reverse-engineered.
This latest infostealer can also swipe Facebook ads and business account information to create more fake ads.
Beware of Downloading Apps, Themes via Facebook Ads
The SYS01 infostealer delivered through these Facebook ads can obtain cookies, login credentials, and other sensitive information once it is downloaded onto a computer. In the latest sighting it posed as Windows themes to download, but it is not limited to that: it can also pose as fake games, AI apps, and others.
The threat has also appeared in LinkedIn and YouTube ads, and is regarded as having been active since September 2023.
Facebook Ads With Malware Used by Threat Actors
It is easy to advertise via Facebook: users only need to pay a certain amount and have an existing account on the social media platform to distribute an ad online. Back when AI apps and programs were on the rise in 2023, bad actors took advantage of this massive trend to push malware masquerading as software offering the generative technology.
However, despite the initial discovery of these campaigns, they were not stopped immediately, and other threat actors have also remained active on Facebook, deploying their own 'malvertising' campaigns. While this specific campaign has been present on various platforms, Facebook was where it was most abundant, according to the researchers' report, and it brings threats that may be hard to detect.
Despite the reports and warnings from security researchers, the malware campaign via social media ads is still ongoing, with the latest discovery popping up again online. The infostealer malware known as SYS01 is still active, and according to this latest sighting it has evolved to better remain undetected, with new evasive features that make it harder for protections to fight against it.