Fake AI Ads on Facebook Spread Malware to Steal Personal Data, Researchers Warn

195/68 Thursday, May 29, 2025

Cybersecurity researchers have issued a warning about a large-scale malware campaign spreading across social media platforms, particularly Facebook and LinkedIn. A threat actor known as UNC6032 is exploiting growing public interest in artificial intelligence by distributing fake advertisements promoting AI-powered video generation tools. These ads claim to offer text-to-video AI services, luring users into clicking on them. Victims are redirected to convincing fake websites, where they are eventually prompted to download a .ZIP file that contains malware designed to steal sensitive information such as login credentials, credit card data, and other personal details.

According to Mandiant, a Google-owned cybersecurity firm, thousands of malicious ads have been detected on Facebook since November 2024, along with approximately 10 on LinkedIn. The ads lead users to more than 30 fraudulent websites impersonating well-known AI video tools like Luma AI, Canva Dream Lab, and Kling AI. Once the user downloads and executes the files, the malware installs a backdoor, logs keystrokes, and scans the device for password managers and cryptocurrency wallets. Mandiant and Google Threat Intelligence believe that UNC6032 is linked to Vietnam and has achieved considerable success in this campaign.

Although the exact number of victims remains unknown, the malicious ads are estimated to have reached over 2 million users on Facebook and LinkedIn. Mandiant also discovered that the attackers exfiltrated login credentials, cookies, credit card data, and Facebook session information via the Telegram API. In response, Meta has taken action to remove harmful ads, block malicious URLs, and disable related accounts, while LinkedIn is actively investigating the issue. Security experts strongly urge users to verify the legitimacy of ads and websites before clicking or downloading anything, as cybercriminals continue to evolve their tactics to bypass detection and target multiple platforms simultaneously.

Source: https://www.theregister.com/2025/05/27/fake_social_media_ads_ai_tool/