Hackers capitalize on the interest and mystery around artificial intelligence to hunt down unwary people and invade their devices with malware that can steal their banking details, personal data or cryptocurrencies.
Mark Zuckerberg’s social network is being affected by a new wave of scam attempts. On this occasion, hackers are taking advantage of the pull of artificial intelligence as a topic that arouses interest and curiosity. Cybercriminals are creating fake pages on Facebook to promote supposed AI content and invite other users to download.
Experts warn of the problem
The antivirus development company Bitdefender has detected this new attempt to obtain the personal data of hundreds of users, and has shared its analysis in a study. Bitdefender notes that millions of people have potentially been affected, judging by the followers of the fake pages on Facebook. These pages impersonate legitimate artificial intelligence companies or services such as Midjourney, DALL-E 3, Evoto or ChatGPT 5.
Specifically, a fake Midjourney page has managed to attract up to 1.2 million followers, and has sent an advertisement aimed at European men between 25 and 55 years old that has reached 500,000 users. It was blocked on March 8, but not before having run massive ad campaigns since at least June 2023.
Before beginning to guide users to links to malicious websites, the criminals worked hard to ensure that the page gained maximum notoriety through AI content that encouraged engagement with likes and comments. It is not known if the content they shared was stolen from other users or official websites.
Scammers then use calls to action to encourage users to interact with their content, clicking on links that will take them to websites where they will try to extract personal information in exchange, for example, for downloading supposed AI software. With this data, scammers will try to steal money, do espionage, or send other malware.
One of the programs that the hackers pretended to offer was the Sora text-to-video generator, from OpenAI. When downloading these alleged desktop programs, what entered the computer of those affected was actually an infostealer (information thief) such as Vidar Stealer, Rilide Stealer, IceRAT or Nova Stealer, the report states. study.
They also installed malicious browser extensions that could affect Google Chrome, Opera, Brave, and Microsoft Edge.
Scammers have not been creating Facebook pages from scratch, but have stolen them and then designed them to impersonate other brands. Some of these pages were hijacked almost a year ago, giving criminals time to do trial and error exercises with the ad campaigns that used the official Meta advertising service. According to the computer security company, these campaigns have reached users in European countries such as Germany, Poland, Italy, France, Belgium, Spain, Netherlands, Romania, Sweden and others.
In this context, Bitdefender recommends users of the social network to maximize caution about the content and profiles with which they interact, as well as to avoid clicking on links that lead to direct file downloads.
How to avoid information thieves
Bitdefender shares some tips to prevent an infostealer from infecting our device. These are tips such as using a reputable antivirus, using extra layers of protection on the browser that detect malicious pages or malware before downloading it, keeping our system updated, not clicking on suspicious links, pop-ups or downloading files from unofficial sources or unknown. They also recommend activating two-factor authentication to prevent hackers from accessing our user accounts on social networks or other websites.