Hackers are reportedly using fraudulent advertisements on Facebook and hijacked pages to promote fake AI services, such as Midjourney, OpenAI’s Sora (text-to-video creator), ChatGPT-5 (AI chatbot) and Dall-E (text-to-image converter), to infect millions of unsuspecting users with password-stealing malware.
These campaigns are known as malvertising. The hacker-run Facebook pages impersonate popular AI services and pretend to offer a sneak preview of new features. Curious users are tricked by these ads and become members of fraudulent Facebook communities.
In these communities, hackers post news, AI-generated images and other related information to make the pages look legitimate. Some of these posts are labelled “limited-time”, essentially igniting more user interest.
Using community posts that promote limited-time access to upcoming and eagerly anticipated AI services, hackers trick users into downloading malicious files that infect Windows computers with information-stealing malware, like Rilide, Vidar, IceRAT, and Nova.
Hackers steal personal data and private information
This information-stealing malware then focuses on stealing data from a victim’s browser. The data includes stored credentials (like usernames and passwords), cookies, cryptocurrency wallet information, autocomplete data and credit card information.
Hackers then use this data to breach the target’s online accounts and even promote further scams or conduct fraud. Hackers also sell the stolen data on dark web markets.
What users can do
Recently, the government issued a warning message to some citizens, cautioning them about fake advertisements on social media platforms that aim to trick them into scams.
“Beware of fraudulent advertisements of stock market/trading/free tips on social media apps!! They may use deepfake videos and images. Never fall prey to greed. Stay safe from scammers,” the message sent from the government read.
Users must watch out for social media ads that sound too good to be true as they often promise quick fixes or unrealistic benefits. It’s best to avoid interacting with ads from unknown accounts or brands. Look for signs of legitimacy such as logos or company badges. Scammers can even use deepfakes, which are manipulated videos, to make their ads seem real.