Fake FB pages for AI services spread password-stealing malware

Threat actors are using advertisements and hijacked pages with fake information on AI services to spread password-stealing malware 

April 08, 2024 05:30 pm | Updated 05:30 pm IST

Threat actors are using advertisements and hijacked pages on Facebook to promote fake artificial intelligence services that are used to spread password-stealing malware online. | Photo Credit: Reuters

Threat actors are using advertisements and hijacked pages on Facebook to promote fake artificial intelligence services that are used to spread password-stealing malware online. Hackers use the lure of AI services like Midjourney, OpenAI’s Sora, ChatGPT-5 and Dall-E to trick users into downloading malicious code that is used to steal information from the victim’s device.

The operation makes use of both Facebook pages and advertisements to promote fake pages that impersonate AI services.

These pages are used to create fraudulent communities, where threat actors post news, AI-generated images, and other related information to make the pages look legitimate, a report from Bleeping Computer said.

The communities are then used to promote limited-time access to upcoming and eagerly anticipated AI services, tricking users into downloading malicious executables that infect Windows devices.

Threat actors also use these communities to create and promote NFT art and monetise their creations.

Threat actors were also found to have created multiple websites to avoid using Dropbox and Google Drive and lend legitimacy to the downloads. Additionally, threat actors were found to have cloned the official Midjourney landing page, with a GoFile link, to lure victims.

Files promoted as providing AI services contain, when downloaded, code capable of stealing sensitive information, including saved credentials, cookies, cryptocurrency wallet information, autocomplete data and credit card information.

This is not the first time threat actors are leveraging users’ interest in new technology to launch malicious campaigns. Earlier, similar campaigns used crypto trading to lure users. The campaign also highlights the sophistication and success of social media-based malvertising strategies.

The increasing scale of social media networks such as Facebook, which allow advertisements to be run without sufficient moderation, has allowed such campaigns to be sustained over long periods of time, increasing their scope and the damage they cause. Users are advised to tread cautiously and avoid downloading files from unverified sources.
