
Google warns of Facebook post you must NEVER click or you risk getting your passwords stolen & your texts spied on
Google-owned threat hunters have warned Facebook users of a post that you must never click, or you risk getting your passwords stolen and your texts spied on.
Thousands of malicious ads on Facebook and about 10 on LinkedIn have been identified since November 2024.
A group of criminals tracked as UNC6032 is exploiting interest in AI video generators and users need to be vigilant.
They do so by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive information.
Fake AI Video Generator Tools
These ads directed viewers to more than 30 phony websites masquerading as legitimate AI video generator tools, including Luma AI, Canva Dream Lab, and Kling AI, falsely promising text- and image-to-video generation.
If a user visits the fake website and clicks on the "Start Free Now" button, they're led through a bogus video-generation interface that mimics a real AI tool.
After selecting an option and watching a fake loading bar, the site delivers a ZIP file containing malware that, once executed, backdoors the victim's device, logs keystrokes, and scans for password managers and digital wallets.
UNC6032, assessed by Mandiant and Google Threat Intelligence as having ties to Vietnam, has found success with this campaign.
Malicious ads reached two million users
The malicious ads have reached more than two million users across Facebook and LinkedIn.
Mandiant used both companies' Ad Library tools, designed to comply with the European Union's Digital Services Act (DSA), to identify the fake websites and the malicious ads' reach.
Threat analysts Diana Ion, Rommel Joven, and Yash Gupta said: "Mandiant Threat Defense performed further analysis of a sample of over 120 malicious ads and, from the EU transparency section of the ads, their total reach for EU countries was over 2.3 million users."
They note, however, that the "reach does not equate to the number of victims."
The 10 LinkedIn ads had a total impression estimate of 50,000 to 250,000, with the US accounting for the highest percentage of impressions.
Facebook ads were published on both attacker-created pages and compromised accounts.
New ads are created daily
UNC6032 is "constantly" rotating the domains mentioned in the ads to avoid detection and account bans, while new ads are "created on a daily basis."
A Meta spokesperson said the social media company doesn't know how many victims the campaign may have affected.
"Meta removed the malicious ads, blocked the URLs, and took down accounts behind them — many before they were shared with us," the spokesperson told
"Cyber criminals constantly evolve their tactics to evade detection and target many platforms at once, and that's why we collaborate with industry peers like Google to strengthen our collective defences to protect our users."
Mandiant, in its report, does give Meta credit for its "collaborative and proactive threat hunting efforts in removing the identified malicious ads, domains, and accounts."
It also explained that a "significant portion" of these detections and removals began last year, prior to Mandiant alerting Meta about its investigation.
The malware is designed for information theft
All of the websites investigated served up the same payload: STARKVEIL, a malware dropper that deploys three different modular malware families designed for information theft, all capable of downloading plugins.
The Mandiant team provides a deep dive into one particular attack that started with a Facebook ad for "Luma Dream AI Machine," mimicking a text-to-video AI tool called Luma AI, but instead redirecting the user to an attacker-created website.
After visitors to the phony website click the download button, they receive a ZIP archive containing a Rust-based malware dropper named STARKVEIL.
When executed, it extracts its payloads and displays a fake error message to coax the user into running it a second time, completing the infection chain.
In reality, however, it's alleged that for a successful compromise, the executable needs to run twice.
It drops its components during the first execution, and then runs a launcher during the second execution.
Fake 'AI websites' pose a significant threat
One of the dropped malware families is GRIMPULL, a .NET-based downloader with anti-VM and anti-malware analysis capabilities, which uses Tor for C2 server connections.
Another is XWORM, also a .NET-based backdoor with capabilities including keylogging, command execution, screen capture, and spreading to USB drives.
The third is FROSTRIFT, a .NET backdoor loaded via DLL sideloading into a legitimate Windows process.
This malware attempts to establish persistence on the compromised machine, and checks for the existence of 48 browser extensions related to password managers, authenticators, and digital wallets.
The Mandiant team wrote: "Although our investigation was limited in scope, we discovered that well-crafted fake 'AI websites' pose a significant threat to both organizations and individual users.
"These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad."