Fake Facebook MidJourney AI Page Promoted Malware To 1.2 Million People

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI’s SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware, Bleeping Computer reported.

The malvertising campaigns are created by hijacked Facebook profiles that impersonate popular AI services, pretending to offer a sneak peek of new features.

Users tricked by the ads become members of fraudulent Facebook communities, where the threat actors post news, AI-generated images, and other related info to make pages look legitimate.

However, the community posts often promote limited-time access to upcoming and eagerly anticipated AI services, tricking users into downloading malicious executables that infect Windows computers with information-stealing malware like Rilide, Vidar, IceRAT, and Nova.

Information-stealing malware focuses on stealing data from a victim’s browser, including stored credentials, cookies, cryptocurrency wallet information, autocomplete data, and credit card information.

The Record reported that cybercriminals are taking over Facebook pages and using them to advertise fake generative artificial intelligence software loaded with malware.

According to researchers at the cybersecurity company Bitdefender, the cybercrooks are taking advantage of the popularity of new generative AI tools and using “malvertising” to impersonate legitimate products like Midjourney, Sora AI, ChatGPT-5, and others.

The campaigns follow a certain blueprint. Cybercriminals take over a Facebook account and begin to make changes to the page’s descriptions, cover and profile photo. According to Bitdefender, they make “the page seem as if it is run by well-known AI-based image and video generators.”

They then populate the pages with purported product news and advertisements for software, which are themselves generated with AI software.

The downloads contain various types of info-stealing malware, like Rilide, Vidar, IceRAT, and Nova Stealers, which are available for purchase on the dark web, allowing unsophisticated cybercriminals to launch attacks.

According to The Record, the most notable Facebook page hijack involved the application Midjourney, a popular tool for creating AI-generated images. Its hijacked page had 1.2 million followers and was active for nearly a year before it was shut down earlier this month.

Tom’s Guide reported that once an account is compromised, the hackers give it an AI-themed makeover, with a new cover and profile photo as well as descriptions that make it appear as if it is run by one of the well-known AI-based image and video generators. They then use AI-generated photos and advertisements to further impersonate whichever AI image generator or video generation service they want to leverage in their attacks.

During their investigation, Bitdefender’s security researchers found that the hackers responsible used a much different approach with MidJourney. For other AI tools, they urged visitors to download the latest versions from Dropbox or Google Drive, but with Midjourney, they created more than a dozen malicious sites that impersonated the tool’s actual landing page. These sites then tried to trick visitors into downloading the latest version of the tool via a GoFile link.

In my opinion, the cybercriminals are obviously terrible people who want to take advantage of others. I’m hoping that Facebook has taken swift action against the crooks who likely caused harm to several Facebook users.

About the Author:

Early Bird