- Experts warn that Facebook crypto ads now deliver malware through trusted-brand impersonation
- Malware deploys only when victims meet specific browser or profile criteria
- Local server and PowerShell commands allow stealthy data exfiltration and control
A new wave of malware attacks is targeting Bitcoin and crypto owners through Facebook ads that impersonate trusted names in the industry.
Bitdefender says it has discovered a multi-stage malicious campaign that exploits the reputation of well-known platforms such as Binance, TradingView, Bybit and others.
These malicious ads not only deceive users, but also adapt in real time to avoid detection and deliver malware only when conditions are ideal for attackers.
Highly evasive delivery system
The scheme begins when cybercriminals hijack or create Facebook accounts and use the Meta advertising network to run fraudulent promotions.
These ads carry fake offers and use photos of celebrities (Zendaya, Elon Musk and Cristiano Ronaldo are the usual suspects) to look more convincing.
Once they click, users are redirected to lookalike websites that pass themselves off as legitimate cryptocurrency services and ask them to download what appears to be a desktop client.
The malware delivery system is highly evasive. Bitdefender says that the front end of the fake site works with a local server quietly started during the initial installation, which allows attackers to send payloads directly to the victim's system while dodging most security software.
Delivery only occurs if the victim meets specific criteria, such as being registered on Facebook, using a preferred browser such as Microsoft Edge or matching a certain demographic profile.
Some malware samples run lightweight. These can exfiltrate sensitive data, such as installed software, system and operating system information, and even GPU details.
Depending on the findings, the malware can download further payloads or simply remain dormant if it suspects it is being analyzed in a sandbox.
Bitdefender researchers found hundreds of Facebook accounts that promote these campaigns. One ran more than 100 ads in a single day. Many ads target men aged 18 or older, with examples found in Bulgaria and Slovakia.
How to stay safe
Examine ads carefully: Be highly skeptical of ads that offer free crypto tools or financial advantages. Always check the links before clicking.
Download only from official sources: Visit platforms such as Binance or TradingView directly. Never trust advertisements.
Use link verification tools: Tools such as Bitdefender Scamio or Link Checker can alert you to dangerous URLs before you engage.
Keep your security software updated: Use a reputable antivirus that receives regular updates to catch evolving threats.
Watch for suspicious browser behavior: Pages that insist you use Edge or redirect erratically are massive red flags.
Report shady ads: Flag suspicious content on Facebook to help others avoid falling into the same trap.
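
The advice to check links and download only from official sources can be partly automated by comparing a link's host against an allowlist. The sketch below is an added example, not code from Bitdefender or the original article; the allowlist of official domains, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the official registrable domains of the brands named in the article.
OFFICIAL = {"binance": "binance.com", "tradingview": "tradingview.com", "bybit": "bybit.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squatted host labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> str:
    """Classify a link as 'official', 'lookalike:<brand>', 'suspicious:idn' or 'unrelated'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit see a bare "host/path" as a network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact domain or a true subdomain only; "binance.com.evil.example" does not match.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL.values()):
        return "official"
    # Internationalized hosts can hide homoglyphs; none of the official domains use them.
    if not host.isascii() or "xn--" in host:
        return "suspicious:idn"
    for label in host.replace("-", ".").split("."):
        for brand in OFFICIAL:
            if brand in label or (len(label) > 4 and edit_distance(label, brand) <= 2):
                return f"lookalike:{brand}"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the non-official hosts use reserved example domains.
    for link in [
        "https://www.binance.com/en/download",
        "https://binance.com.desktop-app.example/setup.exe",
        "https://tradlngview-desktop.example/get",
        "https://binance.com@updates.example/client",
        "bybit.com/download",
    ]:
        print(f"{check_link(link):24} {link}")
```

Only an `official` verdict means the host belongs to one of the allowlisted domains; every other verdict, including `unrelated`, means the link should not be used to download a client for these brands.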