Hackers continue to distribute malware through hacked verified pages on Facebook


In May 2023, Meta published a security report on the latest malware threats targeting users on Facebook. With the emergence of AI and ChatGPT, long-running malware families, including Ducktail and NodeStealer, took center stage in leading the attack on the Facebook ad system to distribute malware ads.


Bad actors hack verified Facebook pages and rename them to trustworthy brands like Facebook, Meta, Google AI, Bard, and more. These rebranded pages with verified checkmarks are then used to run ads with links to malware.


In the report, Meta claimed to have disrupted these malware operations in the face of rapid adversarial adaptation. According to a report by Group-IB, more than 3,200 Facebook pages and profiles were compromised to impersonate tech brands, using keywords such as AI, ChatGPT, and Bard. After two months of reduced activity, the malware groups are wreaking havoc on Facebook once again.



This time, the malware ads are served through compromised, non-verified Facebook pages. We came across a group of these ads impersonating Google. The ads contain links to a download site hosted on the Google Sites platform. That site includes a Dropbox-hosted direct download hotlink to the actual 4.26 MB malware RAR file.


Even though the archive is password-protected (the password is given on the download site), browsers like Chrome can detect the malware during download and block it before it can attack the device. While Chrome detected and blocked the malware automatically, Windows Defender failed to detect it even when the installer was running.
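The delivery chain described above (Facebook ad, Google Sites landing page, Dropbox direct-download link to a password-protected archive) is hard to catch by content scanning alone, because an encrypted archive cannot be inspected until the user extracts it. What a defender can still see is the source context of the download. The following script is an added example, not code from the article or from any of the vendors mentioned: it scans constructed web-proxy log lines and flags archive downloads served from a Dropbox direct link (`dl=1`) whose HTTP Referer is a Google Sites page. The log field layout, the host lists, and all timestamps, client addresses, paths and sizes are assumptions made for the demonstration.

```python
"""Flag the article's delivery chain in web-proxy logs.

Added example (not from the original article). Constructed proxy log
lines are scanned for an archive download served from a Dropbox direct
link ("dl=1") whose HTTP Referer is a Google Sites page, matching the
hosting pattern the article describes. The log format, hostnames, file
names and sizes below are assumptions for this demonstration only.
"""
from urllib.parse import parse_qs, urlparse

ARCHIVE_EXTS = (".rar", ".zip", ".7z")
# Assumed file-hosting domains that serve direct downloads.
FILE_HOSTS = ("dropbox.com", "dropboxusercontent.com")
# Assumed landing-page host from the chain described in the article.
LANDING_HOSTS = ("sites.google.com",)

# Constructed sample log, one request per line:
# "<timestamp> <client-ip> <url> <referer> <bytes>"
SAMPLE_LOG = """\
2023-07-10T09:12:01Z 10.0.0.5 https://sites.google.com/view/example-landing/ https://www.facebook.com/ 18342
2023-07-10T09:12:04Z 10.0.0.5 https://www.dropbox.com/s/abc123/Google_AI_Tool.rar?dl=1 https://sites.google.com/view/example-landing/ 4467261
2023-07-10T09:15:30Z 10.0.0.7 https://www.dropbox.com/s/def456/quarterly_report.pdf?dl=1 https://mail.example.com/ 210044
2023-07-10T09:20:11Z 10.0.0.9 https://www.dropbox.com/s/ghi789/photos.zip?dl=0 https://www.dropbox.com/home 0
"""


def parse_line(line):
    """Split one whitespace-separated log line into a dict."""
    ts, client, url, referer, size = line.split()
    return {"ts": ts, "client": client, "url": url, "referer": referer, "bytes": int(size)}


def host_matches(url, suffixes):
    """True if the URL's host equals or is a subdomain of any listed suffix."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def is_direct_archive_download(url):
    """True for an archive fetched from a file host with the direct-download flag set."""
    parts = urlparse(url)
    if not host_matches(url, FILE_HOSTS):
        return False
    if not parts.path.lower().endswith(ARCHIVE_EXTS):
        return False
    return parse_qs(parts.query).get("dl", ["0"])[0] == "1"


def flag_downloads(log_text):
    """Return log entries matching: Google Sites landing page -> Dropbox direct archive link."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if is_direct_archive_download(entry["url"]) and host_matches(entry["referer"], LANDING_HOSTS):
            entry["reason"] = "archive via file-host direct link, referred from a Google Sites page"
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in flag_downloads(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["url"], "-", hit["reason"])
```

Only the second constructed line is flagged: the PDF download is not an archive, and the `dl=0` request is a Dropbox preview page rather than a direct download. In practice the Referer header is not always present, so this rule is best paired with a download-size or file-type policy rather than used alone.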


The screenshot below shows one of the Malware ..
