Profile Stealers Spread via LLM-themed Facebook Ads – Trend Micro

Improve your risk posture with attack surface management
Security that enables business outcomes
Gain visibility and meet business needs with security
Connect with confidence from anywhere, on any device
Secure users and key operations throughout your environment
Move faster than your adversaries with powerful purpose-built XDR, attack surface risk management, and zero trust capabilities
Maximize effectiveness with proactive risk reduction and managed services
Understand your attack surface, assess your risk in real time, and adjust policies across network, workloads, and devices from a single console
Drive business value with measurable cybersecurity outcomes
See more, act faster
Evolve your security to mitigate threats quickly and effectively
Ensure code runs only as intended
Gain visibility and control with security designed for cloud environments
Protect patient data, devices, and networks while meeting regulations
Protecting your factory environments – from traditional devices to state-of-the-art infrastructures
ICS/OT Security for the oil and gas utility industry
ICS/OT Security for the electric utility
Bridge threat protection and cyber risk management
Operationalize a zero trust strategy
Stop adversaries faster with a broader perspective and better context to hunt, detect, investigate, and respond to threats from a single platform
Defend the endpoint through every stage of an attack
Optimized prevention, detection, and response for endpoints, servers, and cloud workloads
The most trusted cloud security platform for developers, security teams, and businesses
Leverage complete visibility and rapid remediation
Simplify security for your cloud-native applications with advanced container image scanning, policy-based admission control, and container runtime protection
Security for cloud file/object storage services leveraging cloud-native application architectures
Advanced cloud-native network security detection, protection, and cyber threat disruption for your single and multi-cloud environments.
Visibility and monitoring of open source vulnerabilities for SecOps
As your organization continues to move data and apps to the cloud and transform your IT infrastructure, mitigating risk without slowing down the business is critical.
Expand the power of XDR with network detection and response
Protect against known, unknown, and undisclosed vulnerabilities in your network
Detect and respond to targeted attacks moving inbound, outbound, and laterally
Redefine trust and secure digital transformation with continuous risk assessments
Stop phishing, malware, ransomware, fraud, and targeted attacks from infiltrating your enterprise
On-premises and cloud protection against malware, malicious applications, and other mobile threats
Keep ahead of the latest threats and protect your critical data with ongoing threat prevention and analysis
Stop threats with comprehensive, set-it-and-forget-it protection
Augment security teams with 24/7/365 managed detection, response, and support
Augment threat detection with expertly managed detection and response (MDR) for email, endpoints, servers, cloud workloads, and networks
Our trusted experts are on call whether you’re experiencing a breach or looking to proactively improve your IR plans
Stop breaches with the best response and detection technology on the market and reduce clients’ downtime and claim costs
Grow your business and protect your customers with the best-in-class complete, multilayered security
Deliver modern security operations services with our industry-leading XDR
Partner with a leading expert in cybersecurity, leverage proven solutions designed for MSPs
Add market-leading security to your cloud service offerings – no matter which platform you use
Increase revenue with industry-leading security
Discover the possibilities
We work with the best to help you optimize performance and value
Content has been added to your Folio
In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.
By: Jindrich Karasek, Jaromir Horejsi Read time:  ( words)
Save to Folio
Large language models (LLMs) are currently a hot topic nowadays, drawing much attention as the emergence of general artificial intelligence seems to near. Early adopters will have a strong competitive advantage, including creative industries like marketing, copywriting, and data analysis and processing. However, the adoption of AI technologies also opens opportunities for cybercriminals who want to capitalize on the growing interest in LLMs.
In this blog entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials. The threat actor uses URL shorteners like for URL link redirection, Google sites for web hosting, and cloud storages like Google Drive and Dropbox to host the malicious file.
We shared our findings with Meta, who tracked this particular threat actor and TTPs and now removed the fraudulent pages and ads we reported. Meta has shared that it will continue to strengthen its detection systems to find similar fraudulent ads and pages using insights from both internal and external threat research. Additionally, Meta recently shared updates about its efforts in protecting businesses that malware might target across the internet and recommending tips to help users stay safe.
The threat actor uses Facebook’s paid promotion to lure potential victims with advertisements that feature fake profiles of marketing companies or departments. Telltale signs of these fake profiles include purchased or bot followers, fake reviews by other hijacked or inauthentic profiles, and a limited online history.
These advertisements promise to boost productivity, increase reach and revenue, or assist in teaching, all with the help of AI. Some lures promise to provide access to Google Bard (Figures 1 and 2), a conversational AI chatbot that is unavailable in the European Union (EU) at the time of writing.
In other cases, the threat actor claimed to provide access to “Meta AI,” as shown in Figure 4.
Once the user selects the link in the advertisement, they are redirected to a simple website that lists the advantages of using LLM. It also contains a link for downloading the actual “AI package,” as shown in Figure 5.
To avoid antivirus detection, the threat actor distributes the package as an encrypted archive with simple passwords like “999” or “888”. The archive is usually hosted on cloud storage sites like Google Drive or Dropbox.
The archive, once opened and decrypted with the correct password, usually contains a single MSI installer file. When the victim executes the installer, the installation process (Figure 6) drops a few files belonging to a Chrome extension, including background.js, content.js, favicon.png, and manifest.json (Figure 7). It then runs a batch script to kill the currently running browser and restarts it, this time loaded with a malicious extension that impersonates Google Translate (Figures 8 and 9).
The main logic of the malicious extension can be found in the extension service worker script.  After deobfuscation, we can analyze its stealing capabilities. First, the script attempts to steal Facebook cookies. It specifically checks for the presence of c_user cookie, which stores a unique user ID (Figure 10). If c_user cookie does not exist, the stealer does not continue.
It then proceeds to stealing the access token and using it to request additional information from Facebook’s GraphQL (Figure 11).
Having stolen the access token, the script can query Facebook’s GraphQL API for additional information. The first GraphQL query enumerates the account’s managed pages and information about them, like its business ID, fan count, what tasks the account can perform (analyze, advertise, messaging, moderate, create content, manage), and its verification status.
The second GraphQL query enumerates the account’s business information, like its ID, verification status, the ability to create ad account, sharing eligibility status, and the account creation time.
The last GraphQL query enumerates the account’s advertisement information, like its ID, account status (whether it’s “live”, “disabled”, “unsettled”, “in grace period”, or “closed”), currency, whether it’s prepaid, its ads payment cycle, daily spending limit, amount already spent, account balance, and the account creation time.
The stealer also attempts to get the victim’s IP address. All the stolen information — the aforementioned Facebook cookies, access token, browser’s user agent, managed pages, business account information, and advertisement account information — are concatenated, URL-encoded, base64-encoded, and exfiltrated to a command-and-control C&C server (Figure 12).
We noticed a short string being appended to the nave variable, which contains a web browser’s user agent string. This string differs from different samples; we posit that this is some kind of campaign ID that helps the threat actor identify how a particular victim was infected. The campaign gbard-ai[.]info ID usually starts with a star symbol (*) and ends with a pipe symbol (|), as shown in Figure 13.
During this research, we observed the following campaign IDs:
Within the malicious script, we noticed several keywords and variables in Vietnamese (Figures 14 and 15), suggesting that the threat actor speaks or at least understands Vietnamese.
Our research suggests that the threat actor’s main goal is to target and infect business social networking managers or administrators and marketing specialists (who are often also administrators of a company’s social networking sites). As supporting evidence, we observed that the same tracker ID reappears on multiple websites with domain names that contain words like “gooogle – bard”, “gbard”, and “adds -manager -meta”.
In one case, one of the authors of this research helped with the incident response of a specific victim and observed that the threat actor had added suspicious users to the victim’s Meta Business Manager. They also used the victim’s prepaid promotion budget to promote the threat actor’s own content. To date, the threat actor has not tried to contact this victim. According to Facebook’s research, malware and threat actors have historically been motivated primarily by account theft as opposed to extortion.
An antivirus solution with web reputation services is a good countermeasure to threats like the one described in this blog entry. Users should always scan the files they download from the internet and stay vigilant against threat actors who might abuse the hype surrounding new developments in artificial intelligence. The best protection against this kind of attack is always awareness, so potential targets of this threat actor should be wary of the following red flags:
The IOCs for this article can be found here.
Jindrich Karasek
Threat Researcher
Jaromir Horejsi
Threat Researcher
Try our services free for 30 days
Select a country / region
Privacy | Legal | Accessibility | Site map
Copyright ©2023 Trend Micro Incorporated. All rights reserved


Leave a Comment