- Experts warn that crypto ads on Facebook now deliver malware by impersonating trusted brands
- Malware is only deployed when victims meet specific browser or profile criteria
- Local server and PowerShell commands allow stealthy data exfiltration and control
A new wave of malware attacks is targeting Bitcoin and crypto owners through Facebook ads that impersonate trusted names in the industry.
Bitdefender says it has uncovered a multi-stage malvertising campaign that exploits the reputation of well-known platforms such as Binance, TradingView, Bybit and others.
These malicious ads do not just deceive users; they also adapt in real time to avoid detection, delivering malware only when conditions are ideal for the attackers.
Very evasive delivery system
The scheme begins when cybercriminals hijack or create Facebook accounts and use Meta’s advertising network to run fraudulent promotions.
These ads feature fake offers and use photos of celebrities – Zendaya, Elon Musk and Cristiano Ronaldo are the usual suspects – to appear more convincing.
Once clicked, users are redirected to websites that masquerade as legitimate cryptocurrency services and urge them to download what appears to be a desktop client.
The malware delivery system is highly evasive. Bitdefender says the front end of the fake site works with a local server quietly started by the initial installer, allowing attackers to send payloads directly to the victim's system while dodging most security software.
Delivery only occurs if the victim meets specific criteria, such as being logged in to Facebook, using a preferred browser like Microsoft Edge, or matching a certain demographic profile.
Some malware samples run lightweight .NET servers locally and communicate with the website using advanced scripts that run encoded PowerShell commands. These can exfiltrate sensitive data such as installed software, system and OS information, and even GPU details.
Depending on the results, the malware can download further payloads or simply go dormant if it suspects it is being analyzed in a sandbox.
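A defender-side triage helper for the encoded PowerShell commands described above, added here as an example and not taken from Bitdefender's report: it decodes `-EncodedCommand` payloads from process-creation events and flags scripts that inventory the GPU, OS or installed software, or that talk to a loopback HTTP server. The indicator patterns, event fields and sample events are constructed assumptions.

```python
import base64
import re

# "-flag value" pairs whose value looks like base64.
FLAG = re.compile(r"(?:^|\s)[-/]([A-Za-z]+)\s+([A-Za-z0-9+/]{16,}={0,2})")
# Assumed indicators, chosen to mirror the behaviour the article describes.
INDICATORS = {
    "gpu_inventory": re.compile(r"win32_videocontroller", re.I),
    "os_inventory": re.compile(r"win32_operatingsystem|get-computerinfo", re.I),
    "software_inventory": re.compile(r"win32_product|currentversion\\uninstall", re.I),
    "loopback_http": re.compile(r"https?://(?:127\.0\.0\.1|localhost)\b", re.I),
}

def decode_encoded_command(cmdline):
    """Return the decoded script from a PowerShell -EncodedCommand, else None."""
    lowered = cmdline.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return None
    for flag, blob in FLAG.findall(cmdline):
        name = flag.lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if name == "ec" or "encodedcommand".startswith(name):
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # bad base64 or not UTF-16LE text
                return None
    return None

def triage(events):
    """Decode every encoded command and list which indicators its script matches."""
    findings = []
    for ev in events:
        script = decode_encoded_command(ev["cmdline"])
        if script is not None:
            hits = sorted(n for n, rx in INDICATORS.items() if rx.search(script))
            findings.append({"pid": ev["pid"], "script": script, "hits": hits})
    return findings

def encode_sample(script):
    """Build a constructed sample value the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed process-creation events (not taken from the Bitdefender report).
SAMPLE_EVENTS = [
    {"pid": 4120, "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -enc "
     + encode_sample("Get-CimInstance Win32_VideoController; Get-CimInstance "
                     "Win32_OperatingSystem; Invoke-RestMethod http://127.0.0.1:8080/status")},
    {"pid": 4188, "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\Tools\\backup.ps1"},
    {"pid": 4202, "cmdline": "powershell.exe -EncodedCommand " + encode_sample("Get-Date -Format o")},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["pid"], finding["hits"] or "no indicators", "|", finding["script"])
```

An encoded command with no indicator hits (the third sample event) is still returned decoded, so an analyst can read it rather than trust the pattern list.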
Bitdefender researchers found hundreds of Facebook accounts promoting these campaigns. One ran more than 100 ads in a single day. Many of the ads target men aged 18 and over, with examples found in Bulgaria and Slovakia.
How to stay safe
Scrutinize ads carefully: Be very skeptical of ads offering free crypto tools or financial perks. Always check links before clicking.
Download from official sources only: Visit platforms such as Binance or TradingView directly. Never trust ad redirects.
Use link-checking tools: Tools like Bitdefender Scamio or Link Checker can alert you to dangerous URLs before you engage.
Keep your security software up to date: Use a reputable antivirus that receives regular updates to catch evolving threats.
Watch for suspicious browser behavior: Pages that insist you use Edge or that redirect you unexpectedly are massive red flags.
Report shady ads: Flag suspicious content on Facebook to help others avoid falling into the same trap.