IT Brief UK - Technology news for CIOs & IT decision-makers

Fake AI social media ads spread malware to millions globally

Wed, 28th May 2025

Mandiant Threat Defense has released research identifying a Vietnam-linked cyber campaign that exploits public interest in artificial intelligence tools by distributing malware via social media advertisements.

The research traces the campaign to a group known as UNC6032, which uses paid advertisements on platforms such as Facebook and LinkedIn to draw victims toward counterfeit websites masquerading as well-known AI brands including Luma AI, Canva Dream Lab, and Kling AI.

These fake advertisements redirect users to domains designed to closely resemble legitimate AI service platforms. However, instead of offering genuine AI-generated content, these fraudulent websites deliver malware. The malicious software is designed to extract sensitive information such as login credentials, credit card data, cookies, and other personal details from victims' systems.

"Our research shows this campaign has already reached millions of users globally. The threat actors have cleverly leveraged the explosive interest in AI tools, combining realistic branding with paid ads on trusted platforms like Facebook and LinkedIn. A well-crafted spoofed website can pose a significant risk to anyone—from consumers to enterprise users," Yash Gupta, Senior Manager at Mandiant Threat Defense, commented.

Mandiant reports that the campaign was first detected in late 2024 and has since been monitored across a large number of deceptive advertisements. Mandiant analysts employed transparency resources such as Meta's Ad Library and LinkedIn's Ad Transparency Center to uncover the scale of the activity, which involved more than 30 unique fake domains promoted through thousands of social media ads.

Among the findings was a sample of over 120 malicious Facebook ads whose estimated reach exceeded 2.3 million users within the European Union. The attackers ran these campaigns using both fraudulent pages that they created and compromised legitimate accounts, often limiting the lifespan of each campaign to avoid being detected and removed by the platforms' security measures.

On LinkedIn, Mandiant detected approximately 10 malicious ads, including content directing users to recently registered domains such as klingxai[.]com, which first appeared in late 2024.

Once directed to the spoofed websites, users download Python-based malware referred to by Mandiant as STARKVEIL. This malware enables attackers to deploy multiple information stealers and backdoors on the victims' devices. It extracts sensitive data and communicates with its operators via channels such as Telegram, facilitating exfiltration of the stolen information to attacker-controlled infrastructure.

Mandiant's M-Trends 2025 report notes that compromised credentials are the second most common initial access point for cybercriminals, highlighting the broader risk posed by this type of activity to individuals and organisations alike.

"A significant portion of Meta's detection and removal activity began independently in 2024, ahead of our alerts. But with new malicious ads appearing daily, ongoing cross-industry collaboration remains essential to defend users at scale," Gupta said, highlighting the efforts of social media platforms in tackling such threats ahead of external alerts.

Mandiant additionally cautions that similar malicious operations are likely to be active on a range of other platforms, as cybercriminal groups continue to adapt their methods in response to detection and removal efforts.

The company advises users to exercise caution by avoiding AI tool ads from unverified sources, inspecting URLs prior to downloading software, keeping antivirus and endpoint protection updated, and reporting suspicious advertisements directly to platform providers.
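As an added illustration of the URL-inspection advice above (this is not Mandiant's tooling or code from the report), a small Python triage helper: it refangs indicators written like klingxai[.]com, reduces the host to its registrable domain and checks that against an assumed allowlist of genuine brand domains, so a brand name embedded in a lookalike label or used as a subdomain is flagged rather than trusted. The allowlist entries and every sample URL except klingxai[.]com are constructed assumptions.

```python
import re
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed allowlist: the registrable domains treated here as the genuine sites for the
# brands named in the report. Verify and maintain this list before relying on it.
BRAND_DOMAINS = {
    "luma": {"lumalabs.ai"},
    "canva": {"canva.com"},
    "kling": {"klingai.com"},
}

def refang(indicator: str) -> str:
    """Undo common report defanging: klingxai[.]com -> klingxai.com, hxxps:// -> https://."""
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", indicator.strip())
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)

def hostname(url_or_host: str) -> str:
    s = refang(url_or_host).lower()
    if "://" not in s:  # bare host: hand urlsplit a scheme-relative URL
        s = "//" + s
    return (urlsplit(s).hostname or "").strip(".")

def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels); multi-part suffixes such as co.uk are out of scope."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def classify(url_or_host: str) -> Tuple[str, Optional[str]]:
    """Return ("legitimate", brand), ("lookalike", brand) or ("unrelated", None).

    The verdict rests on the registrable domain, not on a brand name appearing
    somewhere in the host, so canva.com.<anything>.example is a lookalike.
    """
    host = hostname(url_or_host)
    dom = registrable_domain(host)
    for brand, legit in BRAND_DOMAINS.items():
        if dom in legit:
            return "legitimate", brand
    for brand in BRAND_DOMAINS:
        if any(brand in label for label in host.split(".")):
            return "lookalike", brand
    return "unrelated", None

# Constructed sample of ad landing URLs; only klingxai[.]com comes from the report.
SAMPLE_AD_LANDING_URLS = [
    "https://klingxai[.]com/download",
    "hxxps://lumalabs.ai/",
    "https://canva.com.dream-lab-free.example/app",
    "https://news.example.org/ai",
]

def triage(urls=SAMPLE_AD_LANDING_URLS):
    """Attach a verdict and matched brand to each URL for analyst review."""
    return [(u, *classify(u)) for u in urls]

if __name__ == "__main__":
    for url, verdict, brand in triage():
        print(f"{verdict:<10} {brand or '-':<6} {url}")
```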
