Sponsored Adverts Spreading Malware Via Social Media Platforms

Threat actors have recently started abusing sponsored ads on Facebook to deliver malware. Sponsored ads are advertisements that are paid for so that they reach a wider user base. These posts are visible to all users, even those who are not linked to the individual who posted the ad.

Such ads are usually run to promote a new product or venture, but they can be used for other purposes too.

Why Facebook?

Facebook is one of the most popular social media platforms, and its vast user base makes it ideal for threat actors looking to spread malware. Since these ads are sponsored by a trustworthy organization such as Facebook, threat actors can easily exploit unsuspecting users.

An individual's Facebook posts are typically viewed only by followers or those who have liked the account. The sponsored posts feature lets threat actors reach individuals who are not connected to that account, thereby targeting a wider audience.

Recently, one of our colleagues encountered a sponsored ad on Facebook leading to a password-protected installer file, which our K7 Labs researchers confirmed as malicious.

Figure 1: Sponsored ad on Facebook delivering malware

Figure 2: Similar sponsored ad on Facebook delivering malware

The surprising part is that this appears authentic to Facebook, even though the password is posted openly and a Bard AI installation file is uploaded on the Facebook page.

Users need to be cautious and skeptical before clicking on any such ads so that they do not become victims of such frauds. Users are requested to install a reputable security product such as “K7 Total Security” and keep it updated to stay protected from such threats.

Indicators of Compromise (IOCs)

File Name | Hash | Detection Name
ChatGPT4_V1_setup.rar | 11003E86A94DD23DCE51AB723A3109F3 | Trojan ( 0001140e1 )
Bard_AI_setup.rar | 0899ABACB1FF62EA61DDFD6A348C5713 | Trojan ( 0001140e1 )

URLs

hxxps://trello[.]com/1/cards/6425453cf71a00f4324c4792/attachments/642545613c14f0aa0d1c5b5d/download/ChatGPT4_V1_setup.rar

hxxps://trello[.]com/1/cards/642461980f81d0cd9023035c/attachments/642461a59d404776028a3563/download/Bard_AI_setup.rar
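One way to hunt for this delivery chain in web proxy logs is sketched below. It is an added example, not part of the original post: it refangs the two URLs listed above and also flags any archive downloaded from a Trello card attachment. The log layout (`<timestamp> <client> <method> <url>`), the sample lines, and the generalised Trello pattern are assumptions.

```python
import re
from urllib.parse import urlsplit

# IOC URLs exactly as listed on the page (defanged form).
DEFANGED_IOCS = [
    "hxxps://trello[.]com/1/cards/6425453cf71a00f4324c4792/attachments/642545613c14f0aa0d1c5b5d/download/ChatGPT4_V1_setup.rar",
    "hxxps://trello[.]com/1/cards/642461980f81d0cd9023035c/attachments/642461a59d404776028a3563/download/Bard_AI_setup.rar",
]

def refang(url):
    """Turn a defanged indicator back into a matchable URL."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")

IOC_URLS = {refang(u).lower() for u in DEFANGED_IOCS}

# Assumption: generalises the two IOCs to any archive served from a
# Trello card attachment; expect benign matches, so treat as a triage lead.
TRELLO_ARCHIVE = re.compile(
    r"^/1/cards/[0-9a-f]+/attachments/[0-9a-f]+/download/[^/]+\.(?:rar|zip|7z)$", re.I)

def classify(url):
    """Return 'ioc' for a listed URL, 'suspect' for the generalised pattern, else None."""
    if url.lower() in IOC_URLS:
        return "ioc"
    parts = urlsplit(url)
    if (parts.hostname or "").lower() == "trello.com" and TRELLO_ARCHIVE.match(parts.path):
        return "suspect"
    return None

def scan(log_lines):
    """Return (client, verdict, url) for each flagged '<ts> <client> <method> <url>' line."""
    hits = []
    for line in log_lines:
        fields = line.split()
        verdict = classify(fields[3]) if len(fields) >= 4 else None
        if verdict:
            hits.append((fields[1], verdict, fields[3]))
    return hits

# Constructed sample proxy log lines (not from the page).
SAMPLE_LOG = [
    "2023-04-02T10:15:01Z 10.0.0.21 GET https://trello.com/1/cards/6425453cf71a00f4324c4792/attachments/642545613c14f0aa0d1c5b5d/download/ChatGPT4_V1_setup.rar",
    "2023-04-02T10:16:40Z 10.0.0.35 GET https://trello.com/1/cards/aaaaaaaaaaaaaaaaaaaaaaaa/attachments/bbbbbbbbbbbbbbbbbbbbbbbb/download/AI_tool_setup.zip",
    "2023-04-02T10:17:12Z 10.0.0.35 GET https://trello.com/b/AbCdEf/project-board",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

An `ioc` verdict is an exact match on a listed URL; a `suspect` verdict only means an archive came from a Trello attachment and should be checked against the file hashes in the table above.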

