Tom’s Guide
Anthony Spadafora

Hackers are using Facebook ads to infect Windows PCs with password-stealing malware — how to stay safe


You wouldn’t expect to run into password-stealing malware while browsing Facebook, but hackers are now using fake ads on the popular social network to target vulnerable Windows PCs.

As reported by BleepingComputer, security researchers at Trustwave have discovered several new campaigns that use fake Windows themes along with fake downloads for pirated games and software as a lure to trick unsuspecting Facebook users into clicking on their malicious ads. The ads are run either from newly created Facebook business accounts or from hijacked existing ones.

Here’s everything you need to know about this new campaign and how you can keep your own Windows PC safe from malware.

Stealing passwords and Facebook account info


According to Trustwave’s report, the hackers behind this latest round of attacks have taken out thousands of ads for each individual campaign. For instance, the top campaign called “blue-softs” had 8,100 ads while “xtaskbar-themes” had 4,300 ads.

Clicking on one of these fake ads takes potential victims to malicious sites, hosted on Google Sites or True Hosting, that appear to be download pages for the themes or software advertised on Facebook. These sites have a download button that, when clicked, downloads a ZIP file with a name that matches the product advertised online.

As you’d expect, these ZIP files actually contain the SYS01 info-stealing malware which was first discovered by the cybersecurity firm Morphisec back in 2022. The malware itself uses a collection of executables, dynamic-link library (DLL) files, PowerShell scripts and PHP scripts to install itself and steal data from a targeted Windows PC.

SYS01 can steal cookies from your browser along with any passwords stored there and a victim’s browsing history. However, it also includes a task that leverages Facebook cookies on an infected device to extract data from a victim’s profile on the social network, including their name, email, birthday and more.

Even if you’re not on Facebook, you still need to be careful as Trustwave has observed similar malvertising campaigns on both YouTube and LinkedIn.

How to stay safe from malware


To avoid falling victim to this campaign and others like it, the first and most important thing you can do is to avoid clicking on ads. 

Hackers can buy ad space just as easily as legitimate businesses, so to stay safe, you’re better off not clicking on ads at all. In fact, even the FBI now recommends that you use an ad-blocker.

If you do see an ad for something you like, though, you’re better off heading to a search engine or — better yet — to the company’s site directly and shopping for the item you may be interested in. When you do need to interact with an ad online, you’re going to want to make sure that you’re using the best antivirus software to protect yourself from any malware or other viruses that ad could be spreading.

We’ve now seen fake ads on both Google and Facebook, and both companies are trying to crack down on this practice. In the meantime, you just need to be careful where you click and avoid downloading anything from unknown sites and sources online.
