Cybercriminals Exploit AI Hype: Malicious Facebook Ads Target Millions

Be Careful With Facebook Ads for AI Video Generators: They Could Be Malware

Cybercriminals have been posting Facebook ads for fake AI video generators to distribute malware, Google's threat intelligence unit Mandiant reports. The campaign aims to lure social media users into visiting malicious websites. It begins with ads impersonating legitimate AI video generator tools like Luma AI, Canva Dream Lab, and Kling AI. Once a user clicks on the link and lands on the fake site, attackers deploy "payloads such as Python-based infostealers and several backdoors," Mandiant says. Mandiant found ads for over 30 such malicious websites; most were posted on Facebook but a handful of them appeared on LinkedIn. To avoid being detected by Meta, cybercriminals are constantly modifying their domains and publishing new ads daily. These ads have already reached millions of users. In the EU alone, 120 malicious ads reached over 2.3 million users, according to data viewed by Mandiant. "The temptation to try the latest AI tool can lead to anyone becoming a victim," Mandiant said, adding that users need to exercise caution and verify that AI tools are legitimate before trying them. The ad-driven malware attack, tracked as UNC6032, has been active since mid-2024 and is linked to Vietnam-based nexus. In the past, it has resulted in the breach of login credentials, cookies, credit card data, and Facebook information. Mandiant notified Meta of the campaign in 2024. By then, Meta had already detected and removed a significant number of such malicious ads, the report adds. Despite that, users should remain vigilant and only use AI tools offered by companies they trust.

Warning: Facebook Ads for AI Video Generators Might Be Malware

AI video generators have exploded in popularity, allowing users to create videos they never could have recorded in the real world. Along with millions of users who are using these legitimate apps, cybercriminals have also taken note and flooded Facebook with malicious ads that send people to fake websites teeming with malware. Google's threat intelligence unit Mandiant reports cybercriminals have been posting Facebook ads that masquerade as real AI video generators like Canva Dream Lab, Luma AI and Kling AI, but instead are intended to distribute malware. These ads look real when they're posted to Facebook, but instead lure users to a fake website that deploys "payloads such as Python-based infostealers and several backdoors," according to Mandiant. Mandiant found ads for over 30 such malicious websites; most were posted on Facebook but a handful of them appeared on LinkedIn. To avoid being detected by Meta, cybercriminals are constantly modifying their domains and publishing new ads daily. These ads have already reached millions of users. In the EU alone, 120 malicious ads reached over 2.3 million users, according to data viewed by Mandiant. "The temptation to try the latest AI tool can lead to anyone becoming a victim," Mandiant said, adding that users need to exercise caution and verify that AI tools are legitimate before trying them. The ad-driven malware attack, tracked as UNC6032, has been active since mid-2024 and is linked to Vietnam-based nexus. In the past, it has resulted in the breach of login credentials, cookies, credit card data, and Facebook information. Mandiant notified Meta of the campaign in 2024. By then, Meta had already detected and removed a significant number of such malicious ads, the report adds. Despite that, users should remain vigilant and only use AI tools offered by companies they trust. If you've been bombarded with these ads, it can be frustrating to figure out what ads can be trusted. With so many malicious ads on Facebook and LinkedIn, it's safer to avoid the ads entirely and instead perform an independent search for the AI video generator that caught your attention. Going directly to the source ensures you can try out real AI tools, without losing your information in the process.

Millions of users could fall for fake Facebook ad for a text-to-AI-video tool that is just malware

Google's Mandiant Threat Defense group has identified a campaign, tracked as UNC6032, which "weaponizes the interest around AI tools" - specifically tools used to generate videos based on user prompts. Mandiant experts identified thousands of postings of fake "AI video generator" websites that actually distribute malware, which has led to the deployment of payloads, "such as Python-based infostealers and several backdoors." The campaign sees legitimate AI generator tools like Canva Dream Lab, Luma AI, and Kling AI impersonated in order to trick victims, which have collectively reached "millions of users" across both LinkedIn and Facebook - although Google suspects similar campaigns may be targeting users on multiple different platforms too. The group, UNC6032, is thought to have ties to Vietnam, but EU transparency rules allowed researchers to see that a sample of 120 malicious ads had a total reach of over 2.3 million users - although this does not necessarily translate to that many victims. "Although our investigation was limited in scope, we discovered that well-crafted fake "AI websites" pose a significant threat to both organizations and individual users," the researchers confirm. "These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad. The temptation to try the latest AI tool can lead to anyone becoming a victim. We advise users to exercise caution when engaging with AI tools and to verify the legitimacy of the website's domain." Be sure to thoroughly vet any adverts on social media, and manually search any software deals into a search engine before downloading anything in order to properly verify the source.

Fake AI Tools Lure Social Media Users In Global Malware Scam

Cybercriminals are exploiting the booming interest in artificial intelligence (AI) tools to spread malware through fake ads on Facebook and LinkedIn, a new report has revealed. According to cybersecurity firm Mandiant, a Vietnam-linked hacking group is behind a widespread scam that uses realistic-looking online ads to trick people into downloading malicious software. The ads claim to promote popular AI platforms -- like Luma AI, Canva Dream Lab, and Kling AI -- but instead redirect users to fake websites designed to steal personal information. "These attackers are tapping into the public's growing fascination with AI to carry out digital theft," said Yash Gupta, a senior manager at Mandiant. "A site that looks like an exciting new AI tool could actually be stealing your passwords, credit card numbers, or social media accounts." Mandiant's investigation, which began in late 2024, has uncovered thousands of ads linked to the scam, with many of them reaching audiences in the millions. A sample of 120 Facebook ads targeting European users alone had a combined reach of over 2.3 million people, the report said. The hackers, identified by researchers as UNC6032, use a rotating set of websites and fake business pages to keep the scam alive. In some cases, they also hijack real user accounts to spread the ads. Once a victim clicks the ad and visits the fake AI site, the page appears to offer an AI-generated video or image service. But instead of any real AI functionality, the website automatically downloads malware that installs itself in the background. That malware, known as STARKVEIL, is capable of stealing sensitive data and secretly sending it back to the attackers. While the fake ads have been found mostly on Facebook, Mandiant also spotted smaller campaigns on LinkedIn. In one example, a fraudulent website was registered in September 2024 and promoted to tens of thousands of users within a day. Victims include both individual users and employees of businesses across various industries. "This isn't just a consumer issue," Gupta said. "These stolen credentials can give attackers access to corporate networks, making it a risk for organisations too." Mandiant says both Meta (Facebook's parent company) and LinkedIn were cooperative and proactive in responding to the findings. Meta had already begun taking down many of the malicious ads and domains before Mandiant alerted them to additional activity. However, the report warns that the threat is far from over. The attackers continue to launch new ads and websites daily, constantly adjusting tactics to avoid detection. Experts advise people to be cautious when clicking on social media ads -- especially those that promote unfamiliar AI tools. To stay safe: The scam is part of a growing trend in cybercrime where criminals take advantage of popular tech trends to deceive the public. With AI tools rising in popularity, experts say this likely won't be the last attempt to turn AI hype into a cyber threat. "Criminals go where the attention is," Gupta said. "Right now, that's AI."