Hackers fake AI service MidJourney to spread malware

April 15, 2024

Hackers are exploiting Facebook’s advertising platform to distribute malware to unsuspecting users through promotional posts that offer AI services such as MidJourney. Threat actors also impersonate other popular Artificial Intelligence (AI) services, including OpenAI’s SORA, ChatGPT-5, and DALL-E, to bait victims.

Based on reports, these malicious campaigns begin with hacked Facebook profiles posing as genuine AI services. Hackers use these hijacked accounts to tempt users with sneak peeks of new features, leading them to join fake AI communities. The communities seem legitimate, with posts about AI news and images, but the hackers created them to distribute malware.

The scams entice users by offering early access to anticipated AI services, but instead of delivering the promised software, users unknowingly download malware like Rilide, Vidar, IceRAT, and Nova. Once installed, these malware strains steal sensitive information from users’ browsers, including passwords, cookies, cryptocurrency data, and credit card details.

 

The MidJourney campaign gathered over a million followers before its shutdown.

 

The MidJourney campaign attracted 1.2 million followers, and the page operated for almost a year before Facebook shut it down. The hackers repurposed an existing profile to create the fake MidJourney page, misleading users into downloading malware disguised as the latest AI tool.

The ads targeted men aged 25 to 55 across Europe, especially in countries such as Germany, Poland, and Italy. Instead of using common file-sharing platforms like Dropbox or Google Drive, the hackers faked the official MidJourney landing page to host their malware.

Researchers also noted that the hackers disguised their malware as a Google Translate extension, making it difficult for users to spot signs of malicious intent from the page. Even though Facebook has removed the original fake page, the threat persists: the attackers created a new page that is still active. As of now, over 600,000 members have fallen prey to the same scam.

This incident highlights the increasing trend of social media-based malware campaigns run through online ads. On platforms with inadequate moderation, such as Facebook, these campaigns can cause extensive damage by spreading malware.

Users should stay cautious, verify the authenticity of pages and offers, and avoid downloading software or clicking links from unknown sources to prevent such scams.
