A new set of campaigns has been seen using weaponized Facebook posts related to AI tools and photo editors. Be aware that this could be any ad on social media, but this campaign targets photo editing and manipulations with AI apps with fake downloads.
“a new report from Trend Micro has found that bad actors are utilizing a tried and true method of weaponizing Facebook ads to lure AI users into downloading malware disguised as AI photo editing tools.”
That report: https://www.trendmicro.com/en_us/research/24/h/malvertising-campaign-fake-ai-editor-website-credential-theft.html
“We discovered a malvertising campaign involving a threat actor that steals social media pages (typically related to photography), changing their names to connect them to popular AI photo editors. The threat actor then creates malicious posts with links to fake websites made to resemble the actual website of the legitimate photo editor. To increase traffic, the perpetrator boosts malicious posts via paid ads.”
So next time you see a post about an amazing app that can show you what you look like when you are old, or clean up photos for you, think that it could be malware. It’s better to go to the vendor web site directly if you need the app, and then check the download with something like www.virustotal.com
Malicious downloads can affect both phone apps and Windows/osx apps.
Daniel Weatherly, CISSP
Director of Security Services
Mainstream Technologies Inc.
501-801-6706