(Credit: Beata Zawrzel/NurPhoto via Getty Images)
AI video generators have exploded in popularity, allowing users to create videos they never could have recorded in the real world. Along with millions of users who are using these legitimate apps, cybercriminals have also taken note and flooded Facebook with malicious ads that send people to fake websites teeming with malware.
Google’s threat intelligence unit Mandiant reports cybercriminals have been posting Facebook ads that masquerade as real AI video generators like Canva Dream Lab, Luma AI and Kling AI, but instead are intended to distribute malware. These ads look real when they’re posted to Facebook, but instead lure users to a fake website that deploys “payloads such as Python-based infostealers and several backdoors,” according to Mandiant.
Mandiant found ads for over 30 such malicious websites; most were posted on Facebook but a handful of them appeared on LinkedIn. To avoid being detected by Meta, cybercriminals are constantly modifying their domains and publishing new ads daily.
These ads have already reached millions of users. In the EU alone, 120 malicious ads reached over 2.3 million users, according to data viewed by Mandiant. "The temptation to try the latest AI tool can lead to anyone becoming a victim,” Mandiant said, adding that users need to exercise caution and verify that AI tools are legitimate before trying them.
The ad-driven malware attack, tracked as UNC6032, has been active since mid-2024 and is linked to Vietnam-based nexus. In the past, it has resulted in the breach of login credentials, cookies, credit card data, and Facebook information.
Mandiant notified Meta of the campaign in 2024. By then, Meta had already detected and removed a significant number of such malicious ads, the report adds. Despite that, users should remain vigilant and only use AI tools offered by companies they trust.
If you’ve been bombarded with these ads, it can be frustrating to figure out what ads can be trusted. With so many malicious ads on Facebook and LinkedIn, it’s safer to avoid the ads entirely and instead perform an independent search for the AI video generator that caught your attention. Going directly to the source ensures you can try out real AI tools, without losing your information in the process.