The paradox of Meta’s anti-malware efforts amidst enabling cybercriminal exploits

Philippine Tribune
Philippine Tribune

Meta detects and disrupts malware campaigns and, at the same time, allows scammers to target users via ads

While Meta, the parent company of Facebook, has efforts to detect and disrupt malware campaigns that target businesses across the internet. The social media giant also allows cybercriminals to use its platform to target users who are more likely to click an ad and download malware.

A few months back, Meta shared its threat research and technical analysis into several persistent malware families, including Ducktail, NodeStealer, and ChatGPT-themed malware.

According to Meta, these malware families aim to compromise business accounts and run unauthorized ads from them. They use various tactics to evade detection and enforcement, such as spreading across multiple internet services, adapting to hot topics and popular tools, and stealing session tokens and credentials from browsers.

Just today, I came across several Google and even Meta-themed Facebook ads with malware that will automatically download a file with .msi extension once clicked. The malware is hidden inside a .rar compressed file format several levels deep to evade detection.

353758011_956055932170293_7335167895128136550_n.png
A Google representative said they have been reporting deceptive ads like this but Facebook is still serving it to FB account holders.,


Meta says the company has teams dedicated to detecting and disrupting malware campaigns. These teams use a variety of tools and techniques to identify and remove malware from Meta’s platforms. Meta also works with law enforcement agencies to investigate and prosecute cybercriminals.

However, Meta also allows cybercriminals to use its platform to target users who are more likely to click on ads and download malware. Meta relies on advertisers to prove that their ads are legitimate by following its policies. This means that Meta does not manually review every ad submitted before publication. Instead, advertisers are responsible for ensuring that their ads comply with Meta’s advertising policies. This approach has some advantages. It allows Meta to process ads more quickly and efficiently. It also reduces the workload on Meta’s review teams.

However, this will also mean that cybercriminals can create ads that appear to be from legitimate businesses or organizations, even if they are not. These ads can then target users more likely to be interested in the advertised products or services.

For example, a cybercriminal might create an ad for a fake Google Bard software program. The ad might target users recently searching for information about Bard, Google’s AI platform. When users click on the ad, they are taken to a website that downloads the malware onto their computer.

While Meta advised people to be cautious when downloading new software like browser extensions or mobile apps or downloading files across the internet, the social media giant also continues accepting paid ads or sponsored posts from cyber criminals to target those more likely to click the ads. Using the Facebook algorithm of targetting users who are more likely to engage with the ads, cybercriminals can make their jobs easier in finding victims.

Here are some tips for staying safe from malware that is spread through Meta ads:

Be wary of ads that promise unrealistic results or seem too good to be true.

Do not click on links in ads that go to unknown websites.

If you are unsure about an ad, you can report it to Meta, but be careful. I was banned for reporting malicious ads before.

Use a firewall and antivirus software to protect your computer from malware attacks. You need an updated antivirus to make your computer safe. Expired antivirus is useless, like what happened to Philhealth.

If you realize after reading this that you have downloaded malware from a Meta ad, you should immediately disconnect from the internet and scan your computer for viruses and other malicious software.

Leave a comment