Researchers at cybersecurity firm Bitdefender Labs have revealed that cybercriminals are now targeting Facebook users with a new campaign that leverages Meta’s advertising network to spread SYS01 infostealer malware.
In their latest report, Bitdefender Labs researchers Ionut Alexandru BALTARIU, Nicolae POSTOLACHI, and Alina BÎZGĂ revealed that attackers are impersonating well-known brands like Netflix, Office 365, and CapCut to lure users into downloading malware.
This campaign, primarily targeting older male users, seeks to hijack accounts and collect personal information from unsuspecting victims.
Impersonation of popular brands
Bitdefender’s report highlights that hackers have been using Facebook ads to mimic legitimate software from popular brands.
Fake ads have promoted Netflix with enticing claims like “free, no ads” streaming, as well as productivity and editing tools, virtual private networks (VPNs), messaging apps, and even video games.
“These ads link users to MediaFire, a cloud storage service, allowing direct download of a malicious ZIP file.
“The file contains an Electron application embedded with SYS01 malware, which operates in the background while mimicking the appearance of the advertised app,” the report stated.
The malware and its modus operandi
The report explained that SYS01 malware is designed to evade detection by security tools, employing several tactics such as sandbox detection and real-time updates from command and control servers.
Bitdefender researchers added that when cybersecurity firms begin blocking a specific version of the malware loader, hackers quickly modify the code, pushing out new ads that evade the latest security updates.
By doing so, cybercriminals keep the SYS01 infostealer hidden from cybersecurity tools, prolonging the malware’s lifespan on Meta’s platforms.
This campaign primarily aims to gain access to users’ Facebook accounts, with a particular focus on business pages.
Once compromised, these accounts provide cybercriminals with a platform to launch additional malicious ads, expanding their reach without attracting immediate suspicion.
Bitdefender has identified nearly 100 domains connected to this campaign, which has a global reach, affecting potential victims across Europe, North America, Australia, and Asia.
First detected in September 2024, the malware has already affected millions of Facebook users worldwide, with a significant focus on older men aged 45 and above.
Bitdefender warns that the SYS01 malware campaign continues to evolve, with new ads appearing daily to reach even more users.
This new threat again brings to the fore the importance of vigilance when clicking on ads or downloading software, even from seemingly legitimate platforms.
With cybersecurity firms in a continuous battle to keep up with these ever-evolving tactics, Facebook users should remain cautious of unexpected offers or ads, especially those promising free services from popular brands.