Stratos Ally

Social Engineering Scam: Facebook Ads Used to Trick Users into Installing Malware


StratosAlly

A troubling new trend emerges as hackers exploit Facebook ads to distribute password-stealing malware among Windows PC users. Security researchers at Trustwave discovered campaigns exploiting fake Windows themes and pirated software downloads to lure users into clicking malicious ads. These ads, sometimes created through hijacked business accounts, redirect users to fraudulent download sites hosted on Google Sites or True Hosting.

One campaign, “blue-softs,” had 8,100 ads, while “xtaskbar-themes” had 4,300 ads. Victims clicking these ads are taken to sites mimicking download pages. Here, they encounter a download button leading to a ZIP file named after the advertised product. Instead of the promised software, the ZIP file contains the SYS01 info-stealing malware, originally identified by Morphisec in 2022. SYS01 uses executables, DLL files, PowerShell scripts, and PHP scripts to install itself and siphon data from the infected PC.
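A defender-side triage check for the delivery chain described above, added here as an example (it is not code from the article, Trustwave or Morphisec): it inspects a downloaded ZIP and flags the executable-plus-script mix the article attributes to SYS01 and the mismatch with what the ad promised. The archive member names and the list of file types a genuine theme package contains are constructed assumptions.

```python
import io
import os
import zipfile
from collections import Counter

# File types the article attributes to SYS01 (executables, DLLs, PowerShell, PHP).
BINARY_EXTS = {".exe", ".dll"}
SCRIPT_EXTS = {".ps1", ".php"}
# Assumed contents of a genuine Windows theme package; not from the article.
THEME_EXTS = {".theme", ".deskthemepack", ".msstyles", ".jpg", ".png"}


def triage_download(archive: bytes, advertised_as: str) -> dict:
    """Flag a ZIP whose contents do not match what the ad promised."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = [m.filename for m in zf.infolist() if not m.is_dir()]
    exts = Counter(os.path.splitext(n.lower())[1] for n in names)
    found = set(exts)
    reasons = []
    if found & BINARY_EXTS and found & SCRIPT_EXTS:
        reasons.append("executable/DLL bundled with PowerShell or PHP scripts")
    if ".php" in found:
        reasons.append("PHP script inside a Windows desktop download")
    if advertised_as == "theme" and not found & THEME_EXTS:
        reasons.append("advertised as a theme but contains no theme files")
    return {"members": len(names), "extensions": dict(exts),
            "suspicious": bool(reasons), "reasons": reasons}


def build_zip(files: dict) -> bytes:
    """Construct an in-memory ZIP from {member name: content} for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: member names are illustrative, not real SYS01 artefacts.
BENIGN = build_zip({"Aurora.theme": "[Theme]", "wallpaper/aurora.jpg": "..."})
LURE = build_zip({"xtaskbar-themes/setup.exe": "MZ", "xtaskbar-themes/lib.dll": "MZ",
                  "xtaskbar-themes/run.ps1": "# loader", "xtaskbar-themes/core.php": "<?php"})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("lure", LURE)):
        print(label, triage_download(blob, advertised_as="theme"))
```

The same check can be applied to any archive fetched from an ad-driven download page before it is opened, with the expected-content set adjusted to the product the ad claims to offer.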

This malware steals browser cookies, stored passwords, and browsing history. It also leverages Facebook cookies to extract profile data, including names, emails, and birthdays. Trustwave reports similar malvertising tactics on YouTube and LinkedIn, posing a broad threat.

Stay safe by avoiding clicking on ads entirely, as hackers can easily purchase ad space. Instead, use a search engine to visit the official website of any product you are interested in. Another line of defense against malware is to use reliable antivirus software. While Google and Facebook are actively working to mitigate these threats, maintaining vigilant awareness is crucial. Be mindful when downloading files from unknown sources to protect your personal information and data.
