Info Stealers on Facebook: Criminals Are Using Fake AI Tools to Spread Malware

How often do you use generative AI tools like ChatGPT, DALL-E, or Sora AI? Bitdefender researchers have warned users to be on the lookout as criminals are spreading info stealers disguised as AI tools on Facebook.

On March 8, 2024, a fake Midjourney Facebook page with 1.2 million followers was shut down after a malvertising campaign was discovered. The page was up for nearly a year, and in total, the campaign had an ad reach of approximately 500,000 users.

Artificial intelligence software has gained so much traction that cybercriminals are looking for ways to exploit it. By offering fake AI tools on social media, threat actors can spread malware and collect data to be sold on the dark web. Scam pages may have thousands of followers or subscribers who don’t suspect anything.

Fake Midjourney Facebook Page: 1.2 Million People Targeted

The Facebook page found to be impersonating the generative AI tool Midjourney was used to spread the Rilide v4 infostealer, malware that masquerades as a Google Translate extension.

The targeted demographic of this campaign was European men aged 25 to 55.

In a blog post, Bitdefender said the threat actors created dozens of matching websites mimicking Midjourney’s official landing page. People were invited to download the malicious software via a GoFile link, masked to look like the latest Midjourney version.


Be suspicious when you’re offered a chance to download generative AI tools from a Google Drive or Dropbox link, as there’s a high risk you’re infecting your device with malware. Programs like ChatGPT, Midjourney, or DALL-E are usually available online. If you want to download apps for these AI tools, head to the developer’s website or official app stores.

It’s not the first time Midjourney’s AI-powered art generator has been used to spread malware. Since June 2023, criminals have been looking for ways to exploit the popularity of fast-growing AI tools.

Meta has pulled the Facebook page down, but experts warn that new scam pages pop up every single day.

Meta’s Ad System: A Gateway for Malware?

How does a malware campaign like this happen? In the case of the fake Midjourney page, criminals first took over a vulnerable Facebook page and renamed it to reflect the AI tool. Then, they used Meta’s ad system to spread the malware through paid advertising.

A scheme like this takes time and effort. To avoid detection, the malware has to be regularly adapted. On top of that, threat actors go to great lengths to trick people into thinking a page or ad is legitimate. This includes changing descriptions and photos and updating the page with news frequently.

Ad reach can be astronomical in Meta’s advertising system, especially since threat actors will go above and beyond to mask their crimes and appear legitimate.

How to Protect Yourself Against Malware

Cybercriminals have nifty tricks up their sleeves to target users. Our team of experts recommends the following practices to limit the chances of falling victim to malware scams:

  • Use a VPN provider: The best VPN services have advanced malware detection tools. On top of that, VPNs encrypt your private data, making it less likely that threat actors will discover sensitive information.
  • Update your system regularly: Keep your PC and phone updated to ensure you’ve got the highest level of security.
  • Rely on secure networks: Be careful about which public Wi-Fi networks you connect to. Avoid networks that look suspicious and disconnect immediately if you get an alert.
  • Don’t download suspicious software: If you download any new software, make sure you’ve verified the source before you click on any links or attachments to avoid downloading malware or spyware.

If you want the benefits of using a VPN combined with the security of an antivirus program, we recommend PremiumVPN.
