Facebook Malvertising Campaign Targets Users Searching For AI Image Editing Tools

A new malvertising campaign linked to Facebook is on the rise, targeting users looking for AI image editing tools.

The campaign involves stealing sensitive credentials and tricking users into downloading fake software that mimics legitimate tools.

Attackers were seen exploiting the popularity of such tools by building malicious websites that resemble the real services, tricking users into accepting the download and thereby infecting themselves.


The findings come from researchers at Trend Micro, who analyzed the campaign. The attacks were also linked to phishing messages sent to Facebook pages or their admin members. These messages send recipients to fake account pages that appear to offer assistance but in reality steal login credentials.

Once that happens, the actors hijack these accounts, take complete control of the pages, and roll out malicious posts on social media, promoting them through paid advertising.


In this campaign, threat actors steal the pages and rename them so they appear to be linked to popular AI image editors.

The threat actors then publish malicious posts linking to fake pages designed to resemble the real website of the actual photo editor. To drive more traffic, the perpetrators boost these malicious posts through paid advertising.

Users who click the URLs promoted in the ads land on fake web pages that impersonate real AI photo editing and generation software, where they are prompted to download and install a software package.

In reality, victims are tricked into downloading tools that deliver the Lumma Stealer malware.

The malware quietly infiltrates systems, enabling attackers to gather sensitive details such as crypto wallets, credentials, browsing data, and password manager databases.

This information is later sold to other cybercriminals and used by attackers to compromise the victim's online accounts. On top of that, they steal funds and run further scams.

This is why experts are raising the alarm and urging users to enable MFA across their social media accounts as an added layer of protection against unauthorized access.

Experts also advise companies to give employees guidance on the dangers of phishing and on how to recognize suspicious messages and the links that come with them. Users should verify the links they come across before clicking on them, especially links that ask for personal data when logging in.

Something similar arose on Facebook in April of this year, when a malware ad campaign promoted a suspicious page that impersonated Midjourney. In the end, it targeted close to 1.2 million people with Chrome browser extensions.

In the past, crooks have used various tactics to steal Facebook user data. Users are advised to remain vigilant and avoid clicking on suspicious posts, ads and links from unknown sources.
