In one instance, a malicious Facebook page impersonating Midjourney gathered 1.2 million followers and remained active for nearly a year before being taken down. The attackers hijacked an existing profile and converted it into a fake Midjourney page, then promoted a non-existent desktop version of the tool to get people to download infostealers. The campaign targeted men aged 25 to 55 in Europe and used cloned copies of official Midjourney landing pages to convince users they were downloading the latest version of the art-generating tool. Despite the page being taken down, the threat actors launched a new page that is still active and distributing malware.
Key takeaways:
- Hackers are using Facebook ads and hijacked pages to promote fake versions of AI services such as Midjourney, OpenAI's Sora, ChatGPT-5, and DALL-E in order to infect users with password-stealing malware.
- The malvertising campaigns are created using hijacked Facebook profiles that impersonate popular AI services, tricking users into downloading malicious executables that infect Windows computers with information-stealing malware.
- A malicious Facebook page impersonating Midjourney amassed 1.2 million followers and remained active for nearly a year before it was taken down, highlighting the reach and effectiveness of these campaigns.
- The success of these campaigns underscores the sophistication of social media-based malvertising strategies and the importance of vigilance when engaging with online advertisements.