Hackers are using Facebook ads to infect Windows PCs with password-stealing malware — how to stay safe
Yet another reminder to be careful where you click
You wouldn’t expect to run into password-stealing malware while browsing Facebook but hackers are now using fake ads to target vulnerable Windows PCs on the popular social network.
As reported by BleepingComputer, security researchers at Trustwave have discovered several new campaigns that use fake Windows themes along with fake downloads for pirated games and software as a lure to trick unsuspecting Facebook users into clicking on their malicious ads. This is done by either creating new Facebook business accounts or by hijacking existing ones.
Here’s everything you need to know about this new campaign and how you can keep your own Windows PC safe from malware.
Stealing passwords and Facebook account info
According to Trustwave’s report, the hackers behind this latest round of attacks have taken out thousands of ads for each individual campaign. For instance, the top campaign called “blue-softs” had 8,100 ads while “xtaskbar-themes” had 4,300 ads.
Clicking on one of these fake ads takes potential victims to malicious sites hosted on Google Sites or True Hosting, which appear to be download pages for the themes or software advertised on Facebook. These sites have a download button that, when clicked, downloads a ZIP file with a name that matches the product advertised online.
As you’d expect, these ZIP files actually contain the SYS01 info-stealing malware which was first discovered by the cybersecurity firm Morphisec back in 2022. The malware itself uses a collection of executables, dynamic-link library (DLL) files, PowerShell scripts and PHP scripts to install itself and steal data from a targeted Windows PC.
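A defender-side check for the download described above, as an added example that is not from the article or Trustwave's report: it reads a ZIP's member names without extracting anything and flags the file types the article lists. The extension mapping, function names and sample archives are constructed for illustration.

```python
import io
import zipfile
from collections import Counter
from pathlib import PurePosixPath

# File types the article says the ZIP bundles. This mapping is an assumption
# made for the example, not an indicator list from the Trustwave report.
RISKY_EXTENSIONS = {
    ".exe": "executable",
    ".dll": "DLL",
    ".ps1": "PowerShell script",
    ".php": "PHP script",
}

def triage_zip(data: bytes) -> dict:
    """Inspect ZIP member names only; nothing is extracted or executed."""
    counts, flagged = Counter(), []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "setup.exe." lands as "setup.exe".
            name = info.filename.replace("\\", "/").rstrip(". ").lower()
            kind = RISKY_EXTENSIONS.get(PurePosixPath(name).suffix)
            if kind:
                counts[kind] += 1
                flagged.append(info.filename)
    return {"suspicious": bool(flagged), "counts": dict(counts), "flagged": flagged}

def build_sample(members: dict) -> bytes:
    """Build a constructed in-memory ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()

# Constructed samples: what a real theme pack might hold vs. the mix the article describes.
THEME_LIKE = build_sample({"theme/blue.theme": b"[Theme]", "theme/wallpaper.jpg": b"\xff\xd8"})
LURE_LIKE = build_sample({
    "setup.exe.": b"MZ", "lib/helper.dll": b"MZ",
    "scripts/run.ps1": b"# ps", "php/index.php": b"<?php", "readme.txt": b"hi",
})

if __name__ == "__main__":
    for label, sample in (("theme-like", THEME_LIKE), ("lure-like", LURE_LIKE)):
        print(label, triage_zip(sample))
```

A clean result only means none of these file types appear by name; it is not a verdict that the archive is safe.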
SYS01 can steal cookies from your browser along with any passwords stored there and a victim’s browsing history. However, it also includes a task that leverages Facebook cookies on an infected device to extract data from a victim’s profile on the social network, including their name, email, birthday and more.
Even if you’re not on Facebook, you still need to be careful as Trustwave has observed similar malvertising campaigns on both YouTube and LinkedIn.
How to stay safe from malware
To avoid falling victim to this campaign and others like it, the first and most important thing you can do is to avoid clicking on ads.
Hackers can buy ad space just as easily as legitimate businesses, so to stay safe, you’re better off not clicking on ads at all. In fact, even the FBI now recommends you use an ad-blocker.
If you do see an ad for something you like, though, you’re better off heading to a search engine or — better yet — to the company’s site directly and shopping for the item you may be interested in. When you do need to interact with an ad online, you’re going to want to make sure that you’re using the best antivirus software to protect yourself from any malware or other viruses that ad could be spreading.
We’ve now seen fake ads on both Google and Facebook, and both companies are trying to crack down on this practice. In the meantime, you just need to be careful where you click and avoid downloading anything from unknown sites and sources online.
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.