Hijacked Facebook Pages are pushing fake AI services to steal your data

And millions of Facebook users appear to be falling for it.
Written by Don Reisinger, Contributing Writer

A look at the Midjourney Facebook page that was removed from Facebook in March 2024.


Scammers are using the allure of artificial intelligence features and services to dupe unsuspecting Facebook users into downloading malicious software on their computers, according to security firm Bitdefender.

Over the past year, scammers have been hijacking Facebook Pages and changing them to look like legitimate AI services, including OpenAI's video creation tool Sora and its image creation tool DALL-E. The scammers then run ads on Facebook's ad network, promising those who view the ad the opportunity to get early access to experimental AI research and products. Once users follow the Pages, the bad actors post AI-generated content to the Page to make it appear legitimate. They then tell the Page's followers that, to use the experimental AI services, they need to download software. That software is really malware, including Rilide, Vidar, IceRAT, and Nova, that steals their data.


AI has quickly become the most important topic in tech. While hundreds of millions of people around the globe are using tools like ChatGPT and DALL-E, there's a clear appetite to see — and try — what's next. The hackers Bitdefender discovered are finding those people and tricking them. And in at least some cases, it appears they've been successful.

Indeed, the most popular Facebook Page that Bitdefender discovered, Midjourney AI, secured 1.2 million followers to its page before Facebook shut it down in March 2024. Soon after Facebook removed the Page for violating its policies, others cropped up, setting up a virtual game of Whac-a-Mole.

"Since we began our investigation, we noticed an additional four Facebook pages attempting to impersonate Midjourney, some of which were also removed from the platform," Bitdefender said. "The latest malicious page impersonating Midjourney appears to have been taken over by the attackers on March 18 when the cybercriminals changed the original name of the original Facebook page. As of March 26, the scam profile has 637,000 followers."

In the cases where users were directed to download software, there were a fair number of red flags. According to Bitdefender, users were given Google Drive or Dropbox links. Also, inspecting the Pages would quickly reveal they aren't directly associated with the companies they're supposed to be representing.


Like anything else in security, staying vigilant and informed is critical. Tech companies don't use Facebook Pages to promise access to experimental features (not even Meta!). More importantly, they won't ever share third-party links for downloading their software.

Looking ahead, Bitdefender expects similar exploits to continue to affect Facebook users. The security company advises users to stay vigilant, enable multi-factor authentication to make it harder for hackers to access accounts, and never download software from unverified sources.
