Threat actors have recently started abusing sponsored ads on Facebook to deliver malware. Sponsored ads are advertisements that are paid for so that they reach a wider user base. These posts are visible to all users, even those who have no connection to the individual who posted the ad.

Such ads are usually run to promote a new product or venture but can be used for other purposes too.

Why Facebook?

Facebook is one of the most popular social media platforms, and its vast user base makes it an ideal channel for threat actors to spread malware. Because these ads are served as sponsored content by a platform that users trust, threat actors can easily exploit unsuspecting users.

An individual's Facebook posts are typically seen only by followers or by those who have liked the account. The sponsored posts feature lets threat actors reach people who are not connected to that account, and so target a much wider audience.

Recently, one of our colleagues encountered a sponsored ad on Facebook that led to a password-protected installer file, which our K7 Labs researchers confirmed as malicious.


Figure 1: Sponsored ad on Facebook delivering malware


Figure 2: Similar sponsored ad on Facebook delivering malware

The surprising part is how this appears authentic to Facebook even though the password is posted in the open and a Bard AI installation file has been uploaded on the Facebook page.

Users need to be cautious and skeptical before clicking on any such ads so that they do not become victims of such frauds. Users are requested to install a reputable security product such as “K7 Total Security” and keep it updated to stay protected from such threats.

Indicators of Compromise (IOCs)

| File Name | Hash | Detection Name |
| --- | --- | --- |
| ChatGPT4_V1_setup.rar | 11003E86A94DD23DCE51AB723A3109F3 | Trojan ( 0001140e1 ) |
| Bard_AI_setup.rar | 0899ABACB1FF62EA61DDFD6A348C5713 | Trojan ( 0001140e1 ) |






2023 K7 Computing. All Rights Reserved.