Cybercriminals are spreading malware through Facebook pages impersonating AI brands
Cybercriminals are taking over Facebook pages and using them to advertise fake generative artificial intelligence software loaded with malware.
According to researchers at the cybersecurity company Bitdefender, the cybercrooks are taking advantage of the popularity of new generative AI tools and using “malvertising” to impersonate legitimate products like Midjourney, Sora AI, ChatGPT 5 and others.
The campaigns follow a certain blueprint. Cybercriminals take over a Facebook account and begin to make changes to the page’s descriptions, cover and profile photo. According to Bitdefender, they make “the page seem as if it is run by well-known AI-based image and video generators.”
They then populate the pages with purported product news and advertisements for software, which are themselves generated with AI software.
The downloads contain various types of infostealing malware — like Rilide, Vidar, IceRAT and Nova Stealers — which are available for purchase on the dark web, allowing unsophisticated cybercriminals to launch attacks.
The campaigns have especially targeted European users from Germany, Poland, Italy, France, Belgium, Spain, the Netherlands, Romania, Sweden, and elsewhere, they said, and have “tremendous reach through Meta’s sponsored ad system.”
The most notable Facebook page hijack involved the application Midjourney, a popular tool for creating AI-generated images. Its hijacked page had 1.2 million followers and was active for nearly a year before it was shut down earlier this month.
According to Meta’s Ad Library catalog, the Midjourney page had an advertising reach of about half-a-million people from Europe. Since it was taken down, other hijacked Midjourney pages have popped up on Facebook, including one that as of March 26 already had 637,000 followers. Meta did not respond to questions from Recorded Future News.
Since the launch of ChatGPT in late 2022, experts have sounded the alarm about the potential for AI tools to be abused by cybercriminals. Last week, former Secretary of State Hillary Rodham Clinton called AI and deepfake technology a “totally different type of threat.”
James Reddick
has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.