Українська правда

Facebook posts ads that hide password-stealing malware


Ads on Facebook for fake themes, games, and programs are being used to distribute the SYS01 malware, which steals user passwords. This was reported by BleepingComputer.

Fraudsters create new business accounts on the social network and run ads for fake Windows 10 and 11 themes, pirated games, and programs such as Adobe Photoshop or Microsoft Office, with which malware is installed.

According to Trustwave researchers, the attackers also distribute, among other things, programs such as Sora AI, image creation programs, and one-click activations for operating systems.

"The threat actors assume the business identity by renaming the Facebook pages, this allows them to leverage the existing follower base to amplify the reach of their fraudulent advertisement significantly," says the Trustwave report.

Currently, there are several similar campaigns on the platform with thousands of ads. Among the most popular are blue-softs, which has about 8100 ad posts, xtaskbar-themes - 4300 posts, netaskbar-themes - 2200 posts, and awesome-themes-desktop - 1100 posts.

As you can imagine, the most popular are the advertisements that offer users the ability to customize Windows. When users click on a link in an ad, they are directed to sites hosted by Google Sites or True Hostings, which offer free downloads of various programs.

When users start downloading new themes, apps, or pirated games, SYS01 malware is installed on their devices and then starts stealing passwords. Among other things, the stolen data also includes browser cookies, saved passwords and logins, history, and cryptocurrency wallet information.

According to Trustwave, such ad campaigns are not only active on Facebook, but also on LinkedIn and YouTube.
