NSFW Facebook ads being used to spread dangerous malware — don’t click on these

Facebook logo on iPhone
(Image credit: Shutterstock)

Hackers have devised a clever new way to trick unsuspecting Facebook users into downloading malware on their computers.

While having your Facebook hacked is bad enough as it is, a new campaign discovered by Bitdefender uses compromised Facebook Business accounts to deliver the NodeStealer malware. 

Just like with other info-stealing malware, NodeStealer targets Windows PCs with the goal of stealing browser cookies as well as saved usernames and passwords which can then be used to compromise a user’s other online accounts. 

According to a blog post from Meta’s engineering team, previous NodeStealer campaigns have used malicious documents to distribute this dangerous malware. However, this time around, hackers are now using malicious ads to do so. 

Here’s everything you need to know about this latest NodeStealer campaign and why you might want to think twice before clicking on any ads you see online.

Duping Facebook users with fake photo albums

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

During its investigation into this new NodeStealer campaign, Bitdefender found that the hackers behind it have come up with an interesting way to get potential victims to click on their malicious ads.

In a blog post detailing its findings, the firm’s security researchers explained that NSFW ads are the main lure used in this campaign. These ads are for Facebook pages which feature scantily clad women as male users are the targeted demographic.

Bitdefender found a number of fake Facebook profiles using “Album Update”, “Album Girl News Update”, “Private Album Update”, “Hot Album Update Today” or other similar names. These profiles feature one or two photos of young women where their faces or NSFW outfits are censored.

Once these fake profiles are set up, the hackers then begin running ads on Facebook to promote their content with short descriptions like “New stuff is online today” or “Watch now before it’s deleted” to instill a sense of urgency and get unsuspecting users to click on them. 

When a potential victim does click on one of these ads, instead of getting access to an album full of NSFW photos, they instead download a Windows executable. While most people know the dangers of running a “.exe” file downloaded from an untrusted source online, many don’t and the hackers are counting on this.

Instead of a NSFW photo album, the executable installs the NodeStealer malware on their computer and then proceeds to steal any passwords or cookies stored on the device. 

How to stay safe from malware delivered via ads

With this campaign in particular, the victims should have recognized the dangers of downloading NSFW photos from a suspicious-looking Facebook profile they saw in an advertisement. However, there are many other similar campaigns that use malicious ads for legitimate products to infect unsuspecting users with malware.

This is why you always want to be careful when clicking on ads online. Besides on Facebook, malicious ads have also started to appear on Google Search which is why you’re better off avoiding ads altogether. Instead, if you see a deal on a product you’re interested in an ad on a social network or even in a search engine, you’re better off navigating to the retailer’s webpage yourself and manually searching for it.

At the same time, you also want to be using the best antivirus software on your PC, the best Mac antivirus software on your Mac or one of the best Android antivirus apps on your Android smartphone to protect yourself from malware. Likewise, if you’re really worried about hackers, it may also be worth investing in one of the best identity theft protection services as they can help you deal with fraud and getting your identity back if it’s stolen online.

With Black Friday just around the corner, you can bet that hackers are going to capitalize on all of the extra holiday shopping with even more malicious ads. For this reason, you’re better off getting help finding deals from Tom’s Guide or other trusted news sites.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.