Generative AI is in a bit of a hype bubble in the tech industry right now. As such, new and potentially interesting AI tools are regularly popping up, inviting everyday users to try out the latest new AI software.
However, just because AI is big right now doesn’t mean every AI tool that users come across is legitimate. In fact, it’s quite the opposite. Bad actors regularly look to take advantage of whatever is popular at the moment. And the current AI trend makes potential AI consumers particularly vulnerable to hackers and scammers.
Case in point, a new report from Trend Micro has found that bad actors are utilizing a tried-and-true method of weaponizing Facebook ads to lure AI users into downloading malware disguised as AI photo editing tools.
Malware hiding as AI software
Mashable has previously reported on how online criminals utilize hacked Facebook pages in order to scam victims.
Scammers have used these Facebook ads to advertise products that they never send to buyers. Hackers have rebranded stolen Facebook pages to look like official accounts from companies like Google and even Facebook parent company Meta itself in order to trick users into downloading malware.
Bad actors are now updating this strategy and posing as AI image-editing tools to spread malware.
According to the Trend Micro report, scammers are tricking page owners into handing over their login credentials through basic phishing campaigns. Once the scammers have access to an already established account, they rebrand the Facebook Page as an AI photo editing tool. In the case analyzed by Trend Micro, the scammers posed as Evoto, a real AI photo editing tool.
After rebranding the stolen pages as Evoto, the scammers then began running paid Facebook ads through those pages, sending users to a fake website where they could supposedly download the AI photo editing tool. Of course, the target isn’t downloading AI software. In this case, the unaware victim is downloading endpoint management software that gives the attacker remote access to their device. From there, the hacker can steal the user’s login credentials as well as other sensitive data.
Social media users should proceed with caution when it comes to any unknown downloadable software being promoted via advertisements on a platform. It could very well be malware in disguise.