Fake AI Tools Lure Social Media Users In Global Malware Scam

Cybercriminals are exploiting the booming interest in artificial intelligence (AI) tools to spread malware through fake ads on Facebook and LinkedIn, a new report has revealed.

According to cybersecurity firm Mandiant, a Vietnam-linked hacking group is behind a widespread scam that uses realistic-looking online ads to trick people into downloading malicious software. The ads claim to promote popular AI platforms—like Luma AI, Canva Dream Lab, and Kling AI—but instead redirect users to fake websites designed to steal personal information.

“These attackers are tapping into the public’s growing fascination with AI to carry out digital theft,” said Yash Gupta, a senior manager at Mandiant. “A site that looks like an exciting new AI tool could actually be stealing your passwords, credit card numbers, or social media accounts.”

Millions Exposed

Mandiant’s investigation, which began in late 2024, has uncovered thousands of ads linked to the scam, with many of them reaching audiences in the millions. A sample of 120 Facebook ads targeting European users alone had a combined reach of over 2.3 million people, the report said.

The hackers, identified by researchers as UNC6032, use a rotating set of websites and fake business pages to keep the scam alive. In some cases, they also hijack real user accounts to spread the ads.

Once a victim clicks the ad and visits the fake AI site, the page appears to offer an AI-generated video or image service. But instead of any real AI functionality, the website automatically downloads malware that installs itself in the background. That malware, known as STARKVEIL, is capable of stealing sensitive data and secretly sending it back to the attackers.

Global Victims

While the fake ads have been found mostly on Facebook, Mandiant also spotted smaller campaigns on LinkedIn. In one example, a fraudulent website was registered in September 2024 and promoted to tens of thousands of users within a day.

Victims include both individual users and employees of businesses across various industries. “This isn’t just a consumer issue,” Gupta said. “These stolen credentials can give attackers access to corporate networks, making it a risk for organisations too.”

Tech Platforms Respond

Mandiant says both Meta (Facebook’s parent company) and LinkedIn were cooperative and proactive in responding to the findings. Meta had already begun taking down many of the malicious ads and domains before Mandiant alerted them to additional activity.

However, the report warns that the threat is far from over. The attackers continue to launch new ads and websites daily, constantly adjusting tactics to avoid detection.

How to Stay Safe

Experts advise people to be cautious when clicking on social media ads—especially those that promote unfamiliar AI tools. To stay safe:

• Visit websites directly rather than through ads
• Double-check URLs before downloading software
• Use up-to-date antivirus protection
• Report suspicious ads to the platform

The scam is part of a growing trend in cybercrime where criminals take advantage of popular tech trends to deceive the public. With AI tools rising in popularity, experts say this likely won’t be the last attempt to turn AI hype into a cyber threat.

“Criminals go where the attention is,” Gupta said. “Right now, that’s AI.”

© Scoop Media