Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Facebook Security

Facebook Ads For Windows Desktop Themes Push Info-Stealing Malware (bleepingcomputer.com) 28

Cybercriminals are using Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. From a report: Trustwave researchers who observed the campaigns said the threat actors also promote fake downloads for pirated games and software, Sora AI, 3D image creator, and One Click Active. While using Facebook advertisements to push information-stealing malware is not new, the social media platform's massive reach makes these campaigns a significant threat.

The threat actors take out advertisements that promote Windows themes, free game downloads, and software activation cracks for popular applications, like Photoshop, Microsoft Office, and Windows. These advertisements are promoted through newly created Facebook business pages or by hijacking existing ones. When using hijacked Facebook pages, the threat actors rename them to suit the theme of their advertisement and to promote the downloads to the existing page members.

This discussion has been archived. No new comments can be posted.

Facebook Ads For Windows Desktop Themes Push Info-Stealing Malware

Comments Filter:
  • The use of advertisement to push malware is nothing new. Heck the idea to use advertisement to push anything untoward is nothing new. We get ads for all kinds of things, be they malware infected products masquerading as traditional products, games masquerading as other games (seriously you should check out the actual games advertised on Google, they aren't the same game you end up downloading, which is setting the bar quite low considering how rubbish the ads themselves look), to even advertising things whi

  • And folks, make sure you only use the latest AOL cd-rom's to install your software since there is a bad link injection virus going around....

  • Given that Facebook itself is info-stealing malware.

  • Probably came courtesy of an ad network. When you complain to FB about it, they'll just say they got it from GenericAdNet Inc... so you complain to GAN about it, and they will tell you they are only a service and are not responsible for the content. Your computer gets infected and you cannot point a finger at anyone to hold them responsible. And they wonder why I want to continue using ad blockers...
    • The bad guys are good at doing this as well, for example, only hitting one IP space once with their malicious stuff, so tracking where it came from is next to impossible. It seems that the ad providers have a wink-wink, nudge-nudge game with the malware providers, just because the money is good, and there is zero accountability, since there are usually ad networks nested... for example, look how many companies your click on a link goes through before actually landing on the destination site.

      Next to phishin

  • Heaven forbid something you download from a Facebook ad to run on your Windows, gets your info. That info belongs to Facebook, Microsoft, and the ad companies!

  • ...was surprised.

    "Tale as old as time."

    But seriously, I had a little nostalgia there for a moment for the times when practically anything you touched on the internet would try to pwn you. Facebook is just the latest vector.

  • I noticed this a while back. Not just ads but also sponsored posts that link to external sites.

    After my wife accidentally fell for one and I checked out what happened, I had to filter/block facebook links out to other sites. I don't have any percentages, but of the several "sponsored" links I checked, most went to the scam virus pages with phone numbers to call. Not surprised it has escalated

    Bottom line - ad blockers are a security layer, plain and simple. Every year there are stories about how malware has used an ad as an attack vector.

  • It has gotten bad lately. I report tons of links that deceptively bait and switch over to super scammy sites, and Facebook reports back that everything's legit.

    Follow the money ...
  • Comment removed based on user account deletion
  • Surely this is what Google had in mind. Google knows best.

  • Anecdata as I noticed this myself. Programmatic buying platforms for advertising often have some built-in, automate checks to validate the content doesn't break guidelines. Some platforms also perform a quality check on the click-through URL of the ad to ensure it doesn't lead consumers to domains that are clearly fraudulent. Over the last six months, have noticed an increase in Ads / Sponsored content coming through Meta where the content (image/text) of the Ad unit had zero correlation with the content
  • There, I fixed it. 'Marketing' means you're not lying, right?

    Seriously, I mean user posted stuff with no financial incentives is one thing to protect against (like racism, marketing lies, or hurt feelings), meaning the safe harbor provision against prosecution. But something other than information being shared should be something they're liable for too.

    If something can alter my computer... that you showed/offered.... then it's something they should be punished for agreeing, and being paid, to offer. Why

  • All or nearly all of the "Sponsored" posts on Facebook lead to a page that pops up porn, then "YOU HAVE BEEN INFECTED!!!!" malware. There is, of course, no reporting category for "Malware", and Facebook consistently reports the sites as "not in violation of community standards".

The question of whether computers can think is just like the question of whether submarines can swim. -- Edsger W. Dijkstra

Working...