Hackers have been detected breaking into popular verified Facebook pages and using them to run ads on the social media behemoth distributing malware.
The threat actors behind the campaign compromised popular Facebook accounts, then purchased Facebook ads to target users; in some cases, they changed account names to impersonate Facebook and Google, in an effort to deceive more users.
Social consultant Matt Navarra(opens in new tab) first spotted the malicious campaign, outlining the danger on Twitter.
Navarra noted whoever is behind the campaign first targeted popular Facebook pages (one of the victims has more than seven million followers and has been active for over a decade). Should they gain access, they would change the page’s name into a variant of Meta (Facebook’s parent company), or Google.
To increase transparency, Facebook publicly displays a history of name changes for verified accounts. However, despite this safeguard, certain scams continue to slip through.
Meta has reported a series of malware scams that use AI-themed chatbots to trick Facebook, Instagram, and WhatsApp users into downloading malware.
One such malware is Ducktail, which has been targeting Facebook users since 2021 and can steal sensitive information, including two-factor authentication codes.
The scammers behind these attacks may have compromised Facebook pages that purchased malware-laden ads.