Cybersecurity researchers from Bitdefender Labs have uncovered a new malware campaign targeting Facebook users, with cybercriminals using Meta’s ads platform to spread a harmful program known as SYS01 infostealer.
This campaign leverages advertisements from seemingly reputable brands, including Netflix, Office 365, and CapCut, to deceive users into downloading malware disguised as legitimate software.
The primary target of this campaign appears to be older male users, with the goal of seizing control of their Facebook accounts and harvesting personal data.
According to Bitdefender, cybercriminals create convincing ads that mimic authentic services or popular applications, such as free, ad-free Netflix streaming and productivity tools, enticing users to click.
Once a user interacts with these ads, they are redirected to MediaFire, a cloud storage platform where a malicious ZIP file awaits. The malware, embedded within this ZIP, uses Electron applications that visually replicate the advertised software but operate covertly to capture the user’s information.
One of the distinguishing features of the SYS01 malware is its adaptability. It is programmed to bypass many security detection systems, employing advanced techniques such as sandbox evasion and constant code updates from command and control servers.
Bitdefender highlights that cybercriminals swiftly alter the malware’s code whenever cybersecurity companies detect and block a particular version, which allows the campaign to continue undetected on Meta’s platforms.
This malware’s design compromises individual Facebook accounts and also exploits business accounts. Hijacked accounts are repurposed by attackers to distribute further malicious ads, thereby expanding the campaign’s reach.
This strategic use of compromised accounts has enabled the campaign to extend globally, impacting users across continents, including Europe, North America, and Asia.
Initially discovered in September 2024, the SYS01 infostealer has reportedly affected millions of users. Bitdefender emphasises that the malware remains active and continuously evolves, with new ads appearing daily.
The firm advises users to exercise caution when encountering online advertisements that promise free or premium services, even from recognisable brands.
Facebook users are advised to avoid clicking on suspicious ads and to be wary of software downloads from unofficial sources.
Comments 1