Beware of AI tools advertised on Facebook. They may be disguised malware.

Posted on August 4, 2024 by darion

Generative AI is currently in a bit of a bubble in the tech industry, with new and potentially interesting AI tools emerging regularly, inviting everyday users to try out the latest AI software.

However, just because AI is popular right now doesn’t mean that every AI tool that users come across is legitimate. In fact, it’s quite the opposite. Bad actors regularly try to exploit what’s popular right now. And the current AI trend makes potential AI consumers especially vulnerable to hackers and scammers.

SEE ALSO:

Android Users Beware! Text-Stealing Malware Attacks Smartphones to Gain Access to User Data

An example would be new report from Trend Micro discovered that bad actors are using a tried-and-true method of exploiting Facebook ads to trick AI users into downloading malware disguised as AI-powered photo-editing tools.

Malware disguised as AI software

Mashable has previously reported on how cybercriminals are using hacked Facebook pages to scam their victims.

Mashable Speed of light

Scammers have used these Facebook ads to they advertise products they never ship to buyers. Hackers have renamed stolen facebook pages to appear as official accounts from companies like Google and even Facebook’s parent company Meta in order to trick users into downloading malware.

Hackers are now refining this strategy and masquerading as AI-powered image editing tools to spread malware.

SEE ALSO:

(Update: Meta Responds) Scammers Use Meta Copyright Removal Tool Against Influencers

According to a report by Trend Micro, scammers trick page owners into providing their login details using basic phishing campaigns. Once the scammers gain access to an already-created account, they rebrand the Facebook page as an AI photo-editing tool. In the case analyzed by Trend Micro, the scammers were posing as Evoto, a real AI photo-editing tool.

After renaming the stolen pages to Evoto, the scammers began running paid Facebook ads through the pages, directing users to a fake site where users could supposedly download an AI photo editing tool. Of course, the target isn’t downloading AI software. In this case, the unwitting victim downloads endpoint management software that gives the attacker remote access to their device. From there, the hacker can steal user login credentials, as well as other sensitive data.

Social media users should be wary of any unknown software downloads promoted through ads on the platform. They could be malware in disguise.