Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Fake Facebook ads for Windows desktop themes are actually sending out malware — here's what to know

A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.

A new Facebook malvertising campaign has been discovered tricking victims looking for Windows themes and other software into downloading information-stealing malware.

As per the report from cybersecurity researchers Trustwave, threat actors have been abusing Facebook’s ad network to create malicious advertisements for things like Windows themes, top games, AI software, and more. The campaign, which also  leverages LinkedIn and YouTube, has been active since at least September 2023, and is still active, at press time.

The victims don’t seem to belong to any specific cohort. Instead, the threat actors are seemingly casting a wide net and trying to infect as many people as possible. The infostealer used in this campaign is called SYS01 stealer, and it was first spotted by cybersecurity pros Morphisec in mid-2022.

Stealing Facebook Business accounts

As far as infostealers go, SYS01 stealer isn’t that much different. It grabs sensitive information such as login data, cookies, and similar information, from the target endpoints. It also hunts for Facebook ad and business account information, which it then uses to create additional malicious ads and further propagate the malware. 

However, since its first detection in 2022, the infostealer has evolved to better evade detection and improve targeting. That being said, the latest variant can detect if it’s being reverse-engineered in virtual environments. The “construction of C2 domains, ad tagging, and hosting on Telegram are all novel and modified tactics,” the researchers added, highlighting the malware’s evolution. 

Facebook, LinkedIn, and YouTube are gigantic social networks, used by billions of people every day. As such, they will always be a target of cybercriminals looking to deploy malware and ultimately generate profit. Trustwave believes malvertising threats are so pervasive that they “may never go away”, suggesting that consumers should be extra wary when looking for software, especially commercial products.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.