Attackers are exploiting Facebook pages to spread the Lumma stealer, a malicious infostealer that targets user credentials. Discovered by Trend Micro researchers, this sophisticated malvertising campaign leverages the popularity of artificial intelligence (AI) tools to deceive users. The attackers hijack legitimate Facebook pages through phishing tactics, gaining unauthorized control and using these pages to promote a fake AI photo editor. This ruse lures victims into downloading what they believe is a legitimate utility but is actually an endpoint management software used to deliver the Lumma stealer.
The attack begins with phishing messages sent to the owners of targeted Facebook pages. These messages contain links that appear legitimate but lead to fake account protection pages designed to capture login credentials. Once the attackers gain control of the page, they create and post ads for a fake AI photo editor, tricking users into downloading software that is actually the Lumma stealer. This malicious software then targets sensitive information, including user credentials, system details, browser data, and extensions.
The campaign has seen significant distribution, with approximately 16,000 downloads on Windows systems and around 1,200 on macOS. However, the macOS version of the attack redirects users to the Apple website, indicating that the primary focus is on Windows users. The use of AI-themed lures and legitimate-looking tools highlights the attackers’ strategy to exploit current technology trends and manipulate users into falling victim to their schemes.
To protect against such threats, users are advised to enable multifactor authentication, use strong and unique passwords, and regularly monitor their accounts for any unusual activity. Organizations should also prioritize cybersecurity awareness and training for employees, emphasizing the risks associated with phishing and social engineering attacks. Implementing robust detection and response mechanisms can further safeguard against these and other malicious campaigns.
Reference:
