In summary:
- PCWorld reports that malicious Facebook ads are distributing malware disguised as legitimate Windows 11 upgrades, mimicking official Microsoft download pages.
- The sophisticated malware employs advanced evasion techniques to avoid detection while stealing passwords, cryptocurrency wallets, and other sensitive user data.
- This highlights Facebook’s ongoing struggle with scam advertisements and emphasizes the need for extreme caution when clicking software download ads on social media platforms.
If you’re looking for a reason to finally ditch Facebook… well, you’ve got plenty, but I’ll give you one more. On top of never-ending slop, scams, and algorithmic rage-bait, it’s now hosting malware. Or at least, ads that pretend to be for Windows, delivering malware designed to steal passwords and (of course) cryptocurrency.
According to a Malwarebytes report, a coordinated campaign of Facebook ads purported to give users free upgrades to Windows 11, and even sent users to a credible fake of the official Microsoft download assistant page. With the heavy push away from Windows 10 following the official end of support last year, it was a savvy campaign.
The URL even included official-sounding update terms, like “25h2.” If you downloaded it, you’d get a sneaky bit of malware that searched for passwords, browser sessions, cryptocurrency, and other data that might be helpful in stealing one’s identity.
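As an added illustration (not code from this article or the Malwarebytes report), the Python check below decides whether a download link is trustworthy from its host alone, so official-sounding terms like "25h2" in the path or subdomain carry no weight. The trusted-domain list and every sample URL are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption: the only registrable domain accepted for Windows downloads.
TRUSTED_DOMAINS = ("microsoft.com",)

def is_trusted_download(url, trusted=TRUSTED_DOMAINS):
    """True only for an HTTPS URL whose host is a trusted domain or a
    subdomain of one. Path and query text are never considered."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # drops any "user@" prefix and the port
    except ValueError:                 # malformed authority section
        return False
    if parts.scheme != "https" or not host:
        return False
    try:
        # Normalise to ASCII so look-alike Unicode letters become an
        # "xn--" label that cannot equal a trusted name.
        host = host.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Match on a label boundary: "x.microsoft.com" yes, "xmicrosoft.com" no.
    return any(host == d or host.endswith("." + d) for d in trusted)

# Constructed sample links; the look-alikes use the reserved .example TLD.
SAMPLES = [
    "https://www.microsoft.com/software-download/windows11",
    "https://windows11-25h2-update.example/software-download/windows11",
    "https://microsoft.com.win11-25h2.example/download",
    "https://www.microsoft.com@downloads.example/25h2",
    "http://www.microsoft.com/software-download/windows11",
    "https://www.micr\u043esoft.com/windows11",   # Cyrillic "o" in the host
]

def check_samples():
    """Map each constructed sample URL to its verdict."""
    return {url: is_trusted_download(url) for url in SAMPLES}

if __name__ == "__main__":
    for url, ok in check_samples().items():
        print("TRUSTED  " if ok else "REJECTED ", url)
```

Only the first sample passes; the rest fail on the host or scheme no matter how official the rest of the URL looks.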
It’s a nasty bit of work, and reportedly pretty good at hiding itself. Malwarebytes says that if you try to follow the ad’s link from an IP associated with a security scanner or researcher, you get sent to Google. If you try to launch the installer in a virtual machine or it detects active scanning, it does nothing. And once it’s on your machine, it uses old tricks like hiding in the registry to survive reboots.
The use of paid Facebook ads to target victims is disturbing, but not especially surprising. In addition to letting bots and fake users run wild on the platform, and even trying to get users to talk to “real” bots, Facebook has been hosting and profiting from frauds and scams for years. Efforts to prevent scam ads have been token at best. If it made a bigger push to stop them, Meta might lose as much as ten percent of its revenue — not profit, revenue.
With Malwarebytes antivirus updating its definitions to catch this new attack, detection should spread to other security tools soon, including Windows Defender. But you can expect similar attacks, including paid ads on Facebook and elsewhere, to use similar vectors.
