Cybercriminals are impersonating popular AI brands on Facebook to distribute malware, according to Bitdefender researchers. The attackers seize control of Facebook pages and use them to promote counterfeit generative AI software under brand names such as Midjourney and Sora AI. Through “malvertising,” they deceive users into downloading malware-infected software presented as legitimate AI tools. The campaigns deliver various infostealers, such as Rilide and Vidar, which can be purchased on the dark web.
The attackers meticulously modify hijacked Facebook pages, altering descriptions, cover photos, and profile images to mimic renowned AI-based image and video generators. They populate these pages with fabricated product updates and AI-generated advertisements, luring unsuspecting users into downloading malware-ridden software. The campaigns have notably targeted European users, exploiting Meta’s sponsored ad system to achieve widespread reach. The attackers have particularly hijacked prominent pages, such as the one associated with Midjourney, which amassed 1.2 million followers before its shutdown.
Despite efforts to shut down hijacked pages, the cybercriminals persist, swiftly establishing new ones to continue their malicious activities. Notably, the hijacked Midjourney page garnered an advertising reach of approximately half a million European users before it was shut down, signaling the magnitude of these deceptive campaigns. Concerns are mounting over the abuse of AI tools by cybercriminals, with experts warning about the increasing threat posed by deepfake technology.