Facebook ads for Windows desktop themes push info-stealing malware
Security News, July 2024

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware.
While using Facebook advertisements to push information-stealing malware is not new, the social media platform's massive reach makes these campaigns a significant threat.
Downloading the fake Windows themes would deliver an archive named 'Awesome Themes for Win 10 11.zip', and the fake Photoshop download would be 'Adobe Photoshop 2023.zip'.
While downloaders may think they are now getting a free application, game, or Windows theme, the archive actually contains the SYS01 information-stealing malware.
"Since it was first observed in 2022, the SYS01 malware has shifted its delivery method by moving away from adult-themed clickbaits and game-related ads to an approach which targets the general audience like Windows themes and AI-based software tools advertisements."
Trustwave reported in February about a similar Facebook malvertising campaign pushing the Ov3r Stealer password-stealing malware.