- Experts warn Facebook crypto ads now deliver malware by impersonating trusted brands
- Malware is deployed only when victims meet specific browser or profile criteria
- Local server and PowerShell commands allow stealthy data exfiltration and control
A new wave of malware attacks is targeting Bitcoin and crypto owners via Facebook ads that mimic trusted names in the industry.
Bitdefender says it has uncovered a multi-stage malvertising campaign that exploits the reputation of well-known platforms such as Binance, TradingView, Bybit and others.
These malicious ads don't just fool users; they also adapt in real time to avoid detection, and deliver malware only when conditions are ideal for the attackers.
Very evasive delivery system
The scheme begins when cyber criminals hijack or create Facebook accounts and use Meta’s ad networks to run fake campaigns.
These ads contain fake offers and use photos of celebrities – Zendaya, Elon Musk and Cristiano Ronaldo are the usual suspects – to seem more convincing.
Once clicked, users are redirected to lookalike sites that mimic legitimate cryptocurrency services and ask them to download what seems to be a desktop client.
The malware delivery system is very evasive. Bitdefender says the front end of the fake site works with a local server that is quietly spun up during the initial installation, allowing attackers to send payloads directly to the victim's system while evading most security software.
Delivery only happens if the victim meets specific criteria, such as being logged in to Facebook, using a preferred browser like Microsoft Edge, or matching a particular demographic profile.
Some malware samples run lightweight .NET servers locally and communicate with the site using advanced scripts that execute encoded PowerShell commands. These can exfiltrate sensitive data such as installed software, system and OS information, and even GPU details.
Depending on the results, the malware may download additional payloads or simply go dormant if it suspects it is being analyzed in a sandbox.
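A defender can look for the encoded PowerShell stage described above in process-creation telemetry. The following is an added example, not code from Bitdefender's report: the event fields, process names and inventory markers (WMI class and registry names) are assumptions chosen to match the data types the article lists, and the sample events are constructed.

```python
import base64
import re

# Markers for the data types the article lists (installed software, OS info, GPU).
# The WMI class and registry names are assumptions, not indicators from the report.
INVENTORY_MARKERS = {
    "gpu": ("win32_videocontroller",),
    "os": ("win32_operatingsystem", "get-computerinfo"),
    "software": ("win32_product", r"currentversion\uninstall"),
}
# A flag starting with -e, followed by a base64-looking argument.
FLAG = re.compile(r"(?i)\s-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})")

def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline uses -EncodedCommand, else None."""
    for m in FLAG.finditer(cmdline):
        flag = m.group(1).lower()
        # PowerShell accepts prefixes of the parameter name (-e, -enc) and the alias -ec.
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:  # the argument is base64 over UTF-16LE text
                return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
            except ValueError:
                return None
    return None

def triage(event):
    """Report encoded PowerShell launches and which inventory categories they query."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return None
    script = decode_encoded_command(event["cmdline"])
    if script is None:
        return None
    low = script.lower()
    hits = sorted(k for k, pats in INVENTORY_MARKERS.items() if any(p in low for p in pats))
    return {"parent": event["parent"], "categories": hits, "decoded": script}

def enc_sample(script):
    """Encode a script the way -EncodedCommand expects (used to build the samples)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed process-creation events, not real telemetry
    {"parent": "FakeClient.exe", "image": PS, "cmdline": "powershell.exe -NoProfile -enc "
     + enc_sample("Get-CimInstance Win32_VideoController; Get-CimInstance Win32_OperatingSystem")},
    {"parent": "explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
    {"parent": "updater.exe", "image": PS,
     "cmdline": "powershell.exe -EncodedCommand " + enc_sample("Get-Date")},
]
FINDINGS = [r for r in map(triage, SAMPLE_EVENTS) if r]
```

An encoded launch with no inventory categories is still reported, since the encoding alone hides the command from a casual reviewer; the categories only raise its priority.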
Bitdefender researchers found hundreds of Facebook accounts promoting these campaigns. One ran more than 100 ads in a single day. Many ads target men aged 18 and older, with examples found in Bulgaria and Slovakia.
How to stay safe
Review ads carefully: Be very skeptical of ads that offer free crypto tools or financial perks. Always confirm links before clicking.
Download only from official sources: Visit platforms such as Binance or TradingView directly. Never trust redirects from ads.
Use link-checking tools: Tools like Bitdefender Scamio or Link Checker can warn you of dangerous URLs before engaging.
Keep your security software updated: Use a reputable antivirus that gets regular updates to catch evolving threats.
Keep an eye on suspicious browser behavior: Pages that insist on using Edge or that redirect erratically are massive red flags.
Report shady ads: Flag suspicious content on Facebook to help others avoid falling into the same trap.