Fake Facebook ads for Windows desktop themes are actually sending out malware — here’s what to know

Security researchers spot new malvertising campaign

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new Facebook malvertising campaign has been discovered tricking victims looking for Windows themes and other software into downloading information-stealingmalware.

As per thereportfrom cybersecurity researchers Trustwave, threat actors have been abusing Facebook’s ad network to create malicious advertisements for things like Windows themes, top games, AI software, and more. The campaign, which also  leverages LinkedIn andYouTube, has been active since at least September 2023, and is still active, at press time.

The victims don’t seem to belong to any specific cohort. Instead, the threat actors are seemingly casting a wide net and trying to infect as many people as possible. The infostealer used in this campaign is called SYS01 stealer, and it was first spotted by cybersecurity pros Morphisec in mid-2022.

Stealing Facebook Business accounts

As far as infostealers go, SYS01 stealer isn’t that much different. It grabs sensitive information such as login data, cookies, and similar information, from the target endpoints. It also hunts for Facebook ad and business account information, which it then uses to create additional malicious ads and further propagate the malware.

However, since its first detection in 2022, the infostealer has evolved to better evade detection and improve targeting. That being said, the latest variant can detect if it’s being reverse-engineered in virtual environments. The “construction of C2 domains, ad tagging, and hosting on Telegram are all novel and modified tactics,” the researchers added, highlighting the malware’s evolution.

Facebook, LinkedIn, and YouTube are gigantic social networks, used by billions of people every day. As such, they will always be a target of cybercriminals looking to deploy malware and ultimately generate profit. Trustwave believes malvertising threats are so pervasive that they “may never go away”, suggesting that consumers should be extra wary when looking for software, especially commercial products.

More from TechRadar Pro

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

I’m a die-hard Apple fan, but even I’ll admit that the Google Pixel 9 Pro is the best-looking phone of the year