- Experts warn about Facebook crypto advertisements
- Malware is deployed only when victims meet specific browser or profile criteria
- Local servers and PowerShell commands allow covert data exfiltration and control
A new wave of malware attacks is targeting Bitcoin and crypto owners through Facebook advertisements that impersonate trusted names in the industry.
Bitdefender says it has identified a multi-stage malvertising campaign that exploits the reputation of well-known platforms such as Binance, TradingView, Bybit and others.
These malicious advertisements do not just trick users: they also adapt in real time to avoid detection and deliver malware only when conditions are ideal for the attackers.
A highly evolved system

The scheme begins when cybercriminals hijack or create Facebook accounts and use Meta's advertising network to run fraudulent promotions.
These advertisements use photographs of celebrities – Zendaya, Elon Musk, and Cristiano Ronaldo are the usual suspects – to appear more credible.
Once they click, users are redirected to lookalike websites that impersonate legitimate cryptocurrency services and prompt them to download what appears to be a desktop client.
The malware delivery system is highly evasive. Bitdefender states that the front end of the fake site works with a local server, quietly spun up by the initial install, which allows the attackers to send a payload directly to the victim's system while dodging most security software.
Delivery occurs only when the victim meets specific criteria, such as being logged in to Facebook, using a preferred browser such as Microsoft Edge, or matching a certain demographic profile.
Some malware samples run a lightweight .NET server locally and communicate with the website using advanced scripts that execute encoded PowerShell commands. These can exfiltrate sensitive data such as installed software, system and OS information, and even GPU details.
Depending on the findings, the malware can download further payloads or simply go dormant if it suspects that it is being analyzed in a sandbox.
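To illustrate the encoded PowerShell stage described above from a defender's side, the following added example (not code from Bitdefender or from the original article) decodes `-EncodedCommand` arguments found in process-creation events and flags those that query the data types the article lists. The event tuples, the parent process name, and the keyword patterns are constructed assumptions.

```python
import base64
import re

# Constructed heuristics (not from Bitdefender's report): strings a decoded
# command is likely to contain when it collects the data the article lists.
INVENTORY = {
    "installed software": r"CurrentVersion\\Uninstall|Win32_Product",
    "system and OS information": r"Win32_OperatingSystem|Win32_ComputerSystem|Get-ComputerInfo",
    "GPU details": r"Win32_VideoController",
}
# A parameter starting with "e", followed by a base64-looking argument.
FLAG = re.compile(r"(?i)(?:^|\s)[-/](e[a-z]*)\s+([A-Za-z0-9+/]{8,}={0,2})")

def decode_encoded_command(cmdline):
    """Return the script text hidden behind -EncodedCommand, or None."""
    for flag, blob in FLAG.findall(cmdline):
        # PowerShell accepts prefixes of -EncodedCommand (-e, -enc, ...) and -ec.
        if flag.lower() != "ec" and not "encodedcommand".startswith(flag.lower()):
            continue
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:  # invalid base64 or invalid UTF-16LE
            return None
    return None

def triage(events):
    """Return (parent, categories, script) for encoded commands that inventory the host."""
    hits = []
    for parent, cmdline in events:
        script = decode_encoded_command(cmdline) or ""
        cats = [c for c, rx in INVENTORY.items() if re.search(rx, script, re.I)]
        if cats:
            hits.append((parent, cats, script))
    return hits

def encode_sample(text):
    """Build a constructed -EncodedCommand argument (base64 over UTF-16LE)."""
    return base64.b64encode(text.encode("utf-16-le")).decode()

# Constructed process-creation events: (parent image, child command line).
SAMPLE_EVENTS = [
    ("FakeCryptoClient.exe", "powershell.exe -NoProfile -WindowStyle Hidden -enc "
     + encode_sample("Get-CimInstance Win32_VideoController; Get-CimInstance Win32_OperatingSystem")),
    ("explorer.exe", r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"),
    ("explorer.exe", "powershell.exe -EncodedCommand " + encode_sample("Get-Date")),
]

if __name__ == "__main__":
    for parent, cats, script in triage(SAMPLE_EVENTS):
        print(parent, cats, script)
```

Only the first constructed event is flagged: the second has no encoded argument, and the third decodes to a command that touches none of the inventory categories.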
Bitdefender researchers found hundreds of Facebook accounts promoting these campaigns. More than 100 advertisements ran in a single day. Many advertisements target men aged 18 and older, with examples found in Bulgaria and Slovakia.
How to stay safe

Scrutinize advertisements carefully: Be highly skeptical of advertisements offering free crypto tools or financial perks. Always verify the link before clicking.
Download only from official sources: Go directly to platforms like Binance or TradingView. Never rely on advertisements.
Use link-checking tools: Tools such as Bitdefender Scamio or Link Checker can alert you to dangerous URLs before you engage with them.
Keep your security software updated: Use a reputable antivirus that receives regular updates to catch evolving threats.
Watch for suspicious browser behavior: Pages that insist you use Edge, or that redirect you, are major red flags.
Report shady advertisements: Flag suspicious content on Facebook to help others avoid falling into the same trap.

