Facebook ads scam uses celebrity faces to spread malware

Techday NZ, 08-05-2025

A Facebook malvertising campaign is using images of well-known public figures and impersonating cryptocurrency brands to distribute malware to users in Australia, New Zealand, and beyond.
Cybercriminals have been operating the campaign for several months, relying on Facebook advertisements that feature the likenesses of individuals such as Elon Musk, Zendaya, and Cristiano Ronaldo to attract victims. These ads falsely appear to promote legitimate cryptocurrency exchanges and entice users with promises of quick financial gains or bonuses.
According to Bitdefender Labs, hundreds of Facebook accounts have been utilised to promote malware-delivering pages. In one instance, a single Facebook page reportedly ran over 100 ads in a single day. While many ads are removed promptly, some achieve thousands of views before takedown. Targeting is often narrowly tuned, with examples including campaigns focused on men aged 18 and over in Bulgaria and Slovakia.
The campaign relies on mass impersonation of trusted cryptocurrency exchanges and trading platforms, including Binance and TradingView.
By mimicking established brands, the cybercriminals increase the credibility of the scam and the likelihood that users will be deceived.
The advertisements redirect victims to websites designed to closely resemble genuine cryptocurrency platforms, instructing them to download a supposed 'desktop client'. Instead of providing legitimate software, the download deploys malware on the user's computer. Bitdefender Labs has confirmed that all analysed malicious files carried the name 'installer.msi' and were roughly 800 kilobytes in size.
Bitdefender Labs researcher Ionut Baltariu commented on the sophisticated tracking and filtering techniques employed in the campaign. He said, "Users cannot load the root website. No malicious content will be displayed for users who loaded the website without the specific query parameters of the Facebook ads – some examples being utm_campaign, utm_content, fbid, cid. If the user is not logged into Facebook or if the IP address and operating system don't interest the attackers, the website will not display malicious content. Users will be served with unrelated content instead. The same might happen if the victim does not fit the behavioural profile the threat actors seek (e.g., male, interests in technology and cryptocurrency)."
This method ensures that cybersecurity analysts or automated systems not fitting the sought-after profiles receive only benign or unrelated content, allowing the scams to evade most conventional security solutions. Newer variants go further by requiring users to access the sites through Microsoft Edge, with other browsers triggering harmless alternative content.
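A defender-side triage of web-proxy records using the indicators the article reports (file name, approximate size, ad query parameters), added here as an example and not taken from Bitdefender or the article. The record layout, the `example.test` hosts, the size window and the confidence labels are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators quoted in the article.
AD_PARAMS = {"utm_campaign", "utm_content", "fbid", "cid"}
MSI_NAME = "installer.msi"
# Assumption: "roughly 800 kilobytes" is read here as 600-1000 KiB.
SIZE_RANGE = (600 * 1024, 1000 * 1024)

# Constructed proxy records in time order: (client, url, response_bytes).
SAMPLE_LOG = [
    ("10.0.0.5", "https://exchange-app.example.test/?utm_campaign=a1&utm_content=b2&fbid=77", 41200),
    ("10.0.0.5", "https://exchange-app.example.test/download/installer.msi", 812544),
    ("10.0.0.9", "https://vendor.example.test/tools/installer.msi", 48234496),
    ("10.0.0.7", "https://shop.example.test/?utm_campaign=spring", 20480),
    ("10.0.0.7", "https://cdn.example.test/setup/installer.msi", 805000),
]


def ad_params(url):
    """Return the ad-tracking parameter names present in the URL's query string."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return AD_PARAMS & set(query)


def triage(log):
    """Return (client, url, confidence) for installer.msi downloads worth a look.

    "high":   name and size match, and the same client earlier reached the
              same host through a URL carrying ad parameters.
    "review": name and size match, but no ad-tagged visit to that host was seen.
    """
    landed = set()  # (client, host) pairs that arrived with ad parameters
    findings = []
    for client, url, size in log:
        parts = urlsplit(url)
        host = parts.hostname
        if ad_params(url):
            landed.add((client, host))
        name = parts.path.rsplit("/", 1)[-1].lower()
        if name == MSI_NAME and SIZE_RANGE[0] <= size <= SIZE_RANGE[1]:
            confidence = "high" if (client, host) in landed else "review"
            findings.append((client, url, confidence))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Parameters such as `utm_campaign` appear in ordinary marketing links, so they are used here only to raise confidence on a download that already matches the file name and size.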
One recent development includes the appearance of fake Facebook pages that clone the look and feel of genuine TradingView profiles. These fraudulent pages display fabricated profile pictures, posts, and comments, but central navigation buttons redirect to the legitimate Facebook site.
The technical operation of the malware is multi-stage. Upon installation, the malware opens the impersonated entity's webpage through msedge_proxy.exe, then delivers a suspicious DLL file. This component starts a local .NET-based server, enabling remote execution of payloads and data exfiltration via WMI (Windows Management Instrumentation) queries.
The campaign employs API routes for executing and querying commands and gathers information on user behaviour, installed software, hardware details, and geographical location.
Bitdefender Labs reports that the malware's front-end script deobfuscates itself to create a SharedWorker, which manages communication with the malicious local server.
The SharedWorker controls further attacks and can fetch even more dangerous payloads from external command and control (C2) servers if a target matches the intended victim profile.
Bitdefender Labs highlighted that the sophistication of this campaign—combining multiple levels of obfuscation, anti-sandbox tactics, and real-time adaptation—presents a significant challenge for security practitioners. Early detection and activation of Bitdefender's own malicious script and DLL signatures blocked thousands of infection attempts globally.
The company encouraged precaution among the more than 22 million active Facebook users in Australia and New Zealand. Users are advised to scrutinise any advertisements offering free software or seemingly incredible financial rewards, download software only from official vendor sites, and employ scam and link checking tools such as Bitdefender Scamio and Link Checker.
Bitdefender recommends keeping security software up to date to improve resistance against evolving threats and to remain cautious of sites requesting the use of a specific browser.
Suspicious ads should be reported using Facebook's reporting functions to disrupt ongoing and future malvertising activity.
Researchers at Bitdefender Labs concluded, "This campaign showcases a hybrid approach, merging front-end deception and a localhost-based malware service. By dynamically adjusting to the victim's environment and continuously updating payloads, the threat actors maintain a resilient, highly evasive operation."
