A recent report by cybersecurity firm Bitdefender Labs has uncovered a malicious campaign targeting Facebook users worldwide through the platform’s advertising network, leveraging Meta’s ad system to spread the SYS01 infostealer malware.
Cybercriminals are impersonating popular brands like Netflix, Office 365, and CapCut to lure users into downloading malware, promoting free streaming, productivity tools, VPNs, messaging apps, and video games through fake ads.
The malware links to MediaFire, allowing direct download of a malicious ZIP file containing an Electron application embedded with SYS01 malware, designed to evade detection by employing sandbox detection and real-time updates from command and control servers.
According to Bitdefender researchers, the primary target of this campaign is older male users, aiming to hijack Facebook accounts and collect personal information, with a focus on business pages that enable cybercriminals to launch additional malicious ads.
The campaign has a global reach, affecting potential victims across Europe, North America, Australia, and Asia, with nearly 100 domains connected to the campaign identified.
Bitdefender researcher Ionut Alexandru emphasized the importance of vigilance and robust cybersecurity measures to protect users from such threats.
To mitigate these risks, users are advised to be cautious of enticing ads promoting free services or software, verify the authenticity of ads before clicking, and keep security software up-to-date.
Meta has been notified of the campaign and is working to remove malicious ads, while Bitdefender Labs continues to monitor the campaign and provide updates.
This discovery underscores the need for increased vigilance and cooperation between cybersecurity firms, social media platforms, and users to combat emerging threats.