New campaigns are being seen in which attackers use Facebook ads to infect Windows PCs with password-stealing malware. Most of the current ads promote games or Windows themes to get people to click. For example, a campaign called ‘blue-softs’ had 8100 different ads and ‘xtaskbar-themes’ had 4300, and they appeared to come from legitimate businesses. In both of these cases, the user has to download the software and run it.
Hackers can buy ad space just as easily as legitimate businesses can, and this is not limited to games. The best way to avoid falling victim is to never click on ads.
Similar malware campaigns have been seen on YouTube and LinkedIn.
You should always be cautious of the software you download, including dev packages. I recommend testing each download through virustotal.com before opening it. That does not guarantee safety, but it is a great step to supplement the antivirus and MDR on your laptop. If you do download something and find it has disappeared from your downloads folder, the AV/MDR likely quarantined it. I have seen a few notifications from our tool monitoring of this happening on company machines.
If there is something you need and you are not sure about it or find it suspicious, please contact me and we can do additional checks.
Daniel Weatherly, CISSP
Director of Security Services
Mainstream Technologies Inc.
501-801-6706