Facebook ads for this fake AI image editor were just an excuse to infect your PC with malware

AI
(Image credit: Pixabay) (Image credit: Shutterstock)

Attackers have been abusing the popularity of AI image editing tools to trick users into installing applications that mimic legitimate tools that are loaded with malware.

The campaign uses hijacked Facebook accounts to push the applications on social media using paid advertising to spread the malware.

The attackers trick Facebook pages into surrendering their credentials with phishing messages that take users to fake account protection pages which then steal their password.

Facebook malvertising 

Jaromir Horejsi, a threat researcher for Trend Micro who analyzed the campaign, said “We discovered a malvertising campaign involving a threat actor that steals social media pages, changing their names to make them seem connected to popular AI photo editors. The threat actor then creates malicious posts with links to fake websites made to resemble the actual website of the legitimate photo editor. To increase traffic, the perpetrator then boosts the malicious posts via paid ads” (via BleepingComputer).

The software package that the victims install is not the AI image editor, and is instead the Itarian remote desktop tool which then launches a downloader on the victims device that installs the Lumma Stealer malware. This malware covertly sniffs through the victims files in search of valuable data, such as cryptocurrency wallet files, credentials, password manager files, and browser data.

Trend Micro

(Image credit: Trend Micro)

This data is then sold on the dark web, or used to take over other accounts using compromised credentials in order to promote more scams.

In response to the campaign, Horejsi provided some ways to stay safe from the campaign, stating, “Users should enable multi-factor authentication (MFA) on all social media accounts to add an extra layer of protection against unauthorized access. Organizations should educate their employees on the dangers of phishing attacks and how to recognize suspicious messages and links. Users should always verify the legitimacy of links, especially those asking for personal information or login credentials.”

More from TechRadar Pro

TOPICS
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
A padlock resting on a keyboard.
Understanding and avoiding malvertizing attacks
Fraud
Hackers are tricking victims into scam-yourself attacks with fake tutorials, CAPTCHAs, and updates
Trojan
Hackers hide malware into website images to go unnoticed
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Hands typing on a keyboard surrounded by security icons
The psychology of scams: how cybercriminals are exploiting the human brain
Latest in Pro
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Racks of servers inside a data center.
Modernizing data centers: an efficient path forward
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation
The world's leading website builder aims to save businesses time with new tool
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over