Fake AI Tools Lure Users in Global Malware Scam

In a digital landscape increasingly dominated by artificial intelligence (AI), cybercriminals are seizing the moment to deploy sophisticated scams that exploit user curiosity. A recent report by cybersecurity powerhouse Mandiant has unveiled how malicious actors are leveraging enticing ads on platforms like Facebook and LinkedIn to facilitate a wide-reaching malware scheme.

Deceptive Ads: The Bait and Switch

Research indicates that a Vietnam-linked hacking group is orchestrating a campaign to lure unwary users with realistic ads promoting popular AI platforms such as Luma AI, Canva Dream Lab, and Kling AI. Instead of gaining access to innovative AI tools, users are redirected to fictitious websites designed solely to harvest sensitive personal data.

The Dark Side of AI Enthusiasm

“These attackers are capitalizing on the public’s enthusiasm for AI to commit digital theft,” asserts Yash Gupta, a senior manager at Mandiant. “A site that appears to be an exciting new AI tool could actually end up stealing your passwords, credit card numbers, or social media logins.”

The Scale of the Threat

Mandiant’s investigation, which kicked off in late 2024, has revealed thousands of ads tied to this alarming scam, impacting millions of potential victims. For instance, a study of 120 Facebook ads aimed at European users had a staggering reach of over 2.3 million individuals.

How the Scam Operates

Identified under the moniker UNC6032, these hackers employ a rotating array of fake websites and business pages to maintain the longevity of their scheme. They even hijack genuine user accounts to propagate their deceptive ads.

Once an unsuspecting victim clicks on one of these ads, they are led to a website claiming to provide AI-generated video or image services. However, instead of fulfilling that promise, the site furtively downloads malware known as STARKVEIL, which can stealthily extract sensitive information and relay it back to the criminals.

Global Impact on Victims

While Facebook remains the primary platform for these malicious ads, Mandiant has also detected limited campaigns on LinkedIn. One fraudulent website was registered in September 2024 and promoted to tens of thousands of users within just a day.

Victimized individuals include not only everyday users but also employees from various industries. “This isn’t just a consumer issue,” Gupta elaborates. “These stolen credentials can infiltrate corporate networks, posing grave risks for organizations.”

Response from Tech Giants

In light of this alarming discovery, both Meta (Facebook’s parent company) and LinkedIn have shown remarkable cooperation and proactivity in their responses. Prior to Mandiant’s alert, Meta had already begun dismantling many of the malicious ads and domains.

However, experts caution that the threat persists, with attackers continuously launching new ads and websites to elude detection.

Stay Vigilant: Tips for Safety

To protect yourself from these devious schemes, experts recommend exercising caution whenever interacting with social media ads, especially those promoting unverified AI tools. Consider these helpful tips:

  • Always visit websites directly rather than through ads.
  • Double-check URLs before downloading any software.
  • Implement up-to-date antivirus protection.
  • Report suspicious ads to the platform.

The Rise of Cybercrime in the Age of AI

This scam epitomizes a growing trend in cybercrime where malicious players exploit popular tech fads to deceive the public. With the ascent of AI tools, the chances are high that we haven’t seen the last of such cyber threats.

“Criminals always gravitate towards where the attention is,” Gupta concludes. “Currently, that’s AI.”
