### **Beware: Cybercriminals Target Crypto Users with Facebook Ad Scams**
The excitement around the **Pi2Day** event, celebrated on **June 28**, is palpable within the Pi Network community. Typically, it’s a time for **new feature launches**, development updates, and major platform milestones. However, this year, excitement has been overshadowed by a surge in **malicious Facebook ad campaigns** aimed at stealing crypto wallet recovery phrases and distributing malware.
### **What is the Pi2Day Scam?**
As of **June 24**, cybercriminals have unleashed a wave of scams, launching over **140 deceptive ads** that utilize the Pi2Day branding and visuals associated with the Pi Network. These ads are crafted to lure users to phishing pages or malware-ridden applications, affecting individuals worldwide, including those in the **U.S., Europe, Australia, China, Vietnam, India, and the Philippines**.
Let’s dive deeper into the two predominant scam variants:
#### **Phishing Pages**
The first variation involves fake websites disguised as Pi Wallet portals, enticing users to **enter their 24-word recovery phrase** with promises of earning **628 Pi tokens** or accessing exclusive airdrop events. If a user falls for this trap and enters their recovery phrase, the attackers gain complete control over the wallet, allowing them to siphon off funds immediately.

#### **Malware-Embedded “Mining Apps”**
Another tactic promotes **“free Pi mining software”** or apps that promise bonuses of **31.4 Pi tokens** for those lucky enough to install them. However, these installers are not just innocent offerings; they contain **malware**, specifically strains like [Generic.MSIL.WMITask](https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands) and **Generic.JS.WMITask**. These malicious applications can:
- Steal saved credentials and crypto wallet keys
- Log user input
- Download additional harmful components
- Evade detection through stealth tactics
### **Why is This Scam So Dangerous?**
The appeal of the Pi Network lies in its user-friendly **“mining” model**, especially attractive to individuals with limited experience in cryptocurrency. Many may not understand critical safety measures, such as:
- Recovery phrases should remain **confidential**.
- Verified Facebook ads can still be **fraudulent**.
Mix these elements with hype, enticing rewards, and urgent countdown timers, and you have a recipe for a scheme that could go viral.
#### **Common Denominators Among These Campaigns**
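All three campaigns (fake Facebook security alerts, malware disguised as partnership messages from Binance and TradingView, and the Pi2Day scam) share several traits: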
1. They exploit trust in **popular platforms** (Meta/Facebook, Binance, Pi Network).
2. They utilize **deceptive ads** to redirect users to malicious sites.
3. They employ a **multi-stage malware** tactic previously identified by researchers at Bitdefender.
4. They consistently utilize the same detection-evasion strategies.
This strongly indicates that a **single threat actor group** may orchestrate these parallel fraud schemes to maximize their financial gain.
### **How Bitdefender Responded**
**Bitdefender** was proactive in addressing these emerging threats, being the **first vendor** to detect and block the latest malware variants involved in this scheme. Currently, all fake domains and malicious payloads linked to this attack are being actively blocked by **Bitdefender solutions**.
### **How to Stay Safe**
To protect yourself from falling victim to these scams, consider the following:
- **Never enter your wallet’s recovery phrase** on any website.
- Be skeptical of ads offering crypto bonuses, free mining applications, or Pi airdrops; verify their sources.
- Only download applications from **official app stores** or the legitimate Pi Network site.
- Use [**Bitdefender Scamio**](https://www.bitdefender.com/en-us/consumer/scamio) for verifying suspicious messages and links.
- Keep [**Bitdefender Security Solutions**](https://www.bitdefender.com/en-us/consumer/) active on both your PC and smartphone to fend off phishing and malware threats.
We urge all investors—novice and seasoned alike—to remain vigilant. This isn’t merely a one-off scam exploiting the Pi2Day event; it’s part of an organized campaign leveraging Meta’s ad system to execute multiple scams against the crypto community. Be wary of:
- **Fake security alerts** linked to Facebook accounts.
- Malware disguised as partnership messages from recognized platforms like **Binance** and **TradingView**.
- The **Pi2Day scam**, preying on cryptocurrency newcomers.
By employing different themes and visuals while reusing the same malware and infrastructure, this malicious group enhances its evasion tactics, putting more users at risk.
### **Final Thoughts**
**Bitdefender** remains committed to tracking and thwarting these threats. We strongly advise users to approach Facebook ads—yes, even from verified accounts—with a dose of skepticism and caution. Protect yourself and your assets; the stakes have never been higher.