Star power: Crypto scammers running celebrity-powered malvertising campaign on Facebook

Scammers are using Elon Musk, Zendaya, and Cristiano Ronaldo to trick Australian victims into downloading malware.

Security researchers have uncovered an insidious crypto scam circulating on Facebook, leveraging well-known cryptocurrency exchanges and the popularity of an array of public figures.

Worryingly, the campaign is ongoing, and according to cyber security firm Bitdefender, Australians are already falling victim to it.

The campaign is using Meta’s advertising network on Facebook to lure victims with promises of quick financial gains while impersonating trusted cryptocurrency brands such as Binance and TradingView. Images of public figures such as the actor Zendaya, soccer star Cristiano Ronaldo, and Tesla boss Elon Musk – the latter two already heavily involved in crypto ventures – are also used to lend credence to the scam campaign.

Hundreds of such ads are circulating on Facebook, with new ads appearing regularly. The ads lead to malicious websites that impersonate the trusted brands and connect covertly to back-end infrastructure capable of deploying malware. That malware can exfiltrate data about the compromised system, such as geolocation, installed software and any GPUs that may be available, while avoiding detection.

The scammers are also sophisticated enough to have built anti-sandbox detection techniques into their infrastructure and are capable of detecting suspicious behaviour.

“No malicious content will be displayed for users who loaded the website without the specific query parameters of the Facebook ads – some examples being utm_campaign, utm_content, fbid, cid,” Ionut Baltariu, one of Bitdefender’s researchers, said in an 8 May blog post analysing the campaign.

“If the user is not logged into Facebook or if the IP address and operating system don’t interest the attackers, the website will not display malicious content. Users will be served with unrelated content instead.”

The same may happen if the victim does not fit the profile the scammers are targeting. For instance, if the Facebook user has shown no interest in cryptocurrency, the malicious ads will not be served.

The payload itself is also capable of real-time evolution in order to evade detection, making the campaign as a whole particularly insidious.

“This campaign showcases a hybrid approach, merging front-end deception and a localhost-based malware service,” Bitdefender said.

“By dynamically adjusting to the victim’s environment and continuously updating payloads, the threat actors maintain a resilient, highly evasive operation.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
