Cybercriminals used Facebook ads to promote a fake AI image editor, tricking users into downloading malware.
Attackers hijacked Facebook accounts to run these ads, making them appear legitimate.
The campaign involved phishing messages to steal credentials, leading users to fake account protection pages.
Instead of the promised AI image editor, users downloaded the Itarian remote desktop tool, which then installed Lumma Stealer malware.
The malware targeted valuable data such as cryptocurrency wallets, credentials, and browser data, which were then sold on the dark web.
Users are advised to enable multi-factor authentication (MFA) and verify the legitimacy of links to protect against such attacks.