Cybercriminals Exploit Facebook Pages to Spread Fake AI Photo Editor, Infecting Thousands with Malware

Cybercriminals are running a malware campaign in which they exploit Facebook pages to lure users into downloading a fraudulent AI photo editor named Evoto photo editor, which mimics legitimate editing apps. This malicious operation has impacted over 16,000 Windows users and 1,200 macOS users, as discovered by Trend Micro researchers.

According to researcher Jaromir Horejsi, the attackers hijack social media pages, especially those associated with photography, and rebrand them to appear linked to popular AI photo editors to gain the trust of their targets.

The attackers not only create deceptive Facebook ads but also develop websites that closely resemble genuine ones, ensuring that victims do not become suspicious throughout the process.

The primary targets of this attack are Facebook page owners, who receive phishing emails or messages directing them to fake security pages. Under the guise of providing extra protection, the attackers trick these owners into divulging their login credentials, which lets the attackers take over the pages.

Once they gain control of a Facebook page, the attackers post malicious content and promote it through paid ads. When users click on these links, they are redirected to a fraudulent website that prompts them to download and install software.

Unbeknownst to them, they are downloading the legitimate ITarian remote desktop tool, which has been configured to deploy the Lumma Stealer malware. This malware then steals sensitive information such as passwords, browser data, login credentials, and digital wallet information.

The ultimate use of the stolen data remains unclear, but it is likely either sold to other cybercriminals or used directly to commit financial scams.

To protect against such scams, users should only download apps from official app stores like Google Play Store or Apple App Store and avoid sideloading or downloading from unverified sources. Organizations must educate their employees about phishing attacks, ensuring they can recognize and avoid them.

Additionally, organizations should continuously monitor their devices for unusual activity, such as unknown login attempts, and investigate any suspicious incidents promptly. This vigilance, combined with education and caution in downloading apps, can help mitigate the risks posed by such sophisticated malware campaigns.
