HQ/EMEAFind out how we can help your business
The usefulness of Large Language Models (LLM) has allowed threat actors to create a more efficient cybercriminal operation that reaches numerous users. Based on reports, a new cybercriminal campaign uses LLM-themed Facebook advertisements to distribute malware among Facebook users.
These LLMs-themed attacks have lured various users recently since most people want to acquire such tools to make their jobs easier.
The threat actors that use these Large Language Models use fake Facebook profiles.
According to investigations, the new cybercriminal campaign that leverages Large Language Models involves the development of fake profiles on Facebook that could use paid promotions to disseminate ads from marketing companies and departments.
The ads bait users into accessing a link with a promise of productivity boosts, assistance in teaching, and increased revenue through artificial intelligence. Researchers noted that the actors use Meta AI and Google Bard as their lure.
The ad will redirect the users to a website containing an AI package installer once they click the link. Unfortunately, the installer is a malicious file.
Subsequently, the installer will drop multiple files on the Chrome extension that could steal various details once executed. The stealer prioritises stealing Facebook cookies and access tokens, which the actors could use to request additional information from Facebook’s GraphQL.
Cybersecurity experts claimed that Vietnamese threat actors were the culprits of the new operation since the attack used keywords and variables within the malicious script relevant to the region.
Furthermore, threat analysis showed that the primary objective of the attackers is to target and infect business social networking managers, marketing specialists, and admins.
The surge of AI-based tools has allowed many users to make their lives and work easier. However, numerous threat actors have also used AI tools to bait and scam targets.
Experts advise Facebook users to be vigilant in engaging with ads, especially the ones that promise AI packages or exclusive features, to prevent falling victim to such campaigns. Lastly, businesses should spread awareness and knowledge to their employees about the risks posed by social media ads and adopt security measures, like MFA, to protect their social media accounts.
