{"id":19745,"date":"2024-02-26T12:19:34","date_gmt":"2024-02-26T10:19:34","guid":{"rendered":"https:\/\/www.kappadata.be\/?p=19745"},"modified":"2024-02-27T17:45:41","modified_gmt":"2024-02-27T15:45:41","slug":"sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini","status":"publish","type":"post","link":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/","title":{"rendered":"Sponsored Facebook-ads spread password-stealing malware, disguised as Google Gemini"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row css_animation=&#8221;&#8221; row_type=&#8221;row&#8221; use_row_as_full_screen_section=&#8221;no&#8221; type=&#8221;full_width&#8221; angled_section=&#8221;no&#8221; text_align=&#8221;left&#8221; background_image_as_pattern=&#8221;without_pattern&#8221;][vc_column][vc_column_text]<em>The allure of the latest AI tools is universal, and cybercriminals are capitalizing on this enthusiasm. Offering ChatGPT, Bing, or Google Gemini (formerly Google Bard) with enhanced functionalities has become a recurring theme in phishing campaigns. These campaigns are progressively more sophisticated, incorporating multiple techniques, tools, and reputable services to elude most detection methods. Nevertheless, their ultimate objective remains unaltered: to deceive individuals into downloading malicious software or surrendering their account credentials. <a href=\"https:\/\/www.kappadata.be\/vendors\/whalebone\/\" target=\"_blank\" rel=\"noopener\">Whalebone<\/a> protective DNS provides the solution here.<\/em><\/p>\n<h4><strong>A convincing facade that hides a malicious installer<\/strong><\/h4>\n<p>This specific threat assumes the guise of Google Gemini (formerly Google Bard) and presents itself as a paid Facebook advertisement. Additionally, bot accounts in the comment section endorse it to spread the message. 
The webpage is constructed using Google Sites, lending it an air of credibility and association with a legitimate Google domain.<\/p>\n<p>However, the download link on the site directs users to a file hosted on Trello, ultimately delivering a malicious installer. Sponsored Facebook advertisements disseminate password-stealing malware disguised as Google Gemini.<\/p>\n<h4><strong>Only the filename gives it away<\/strong><\/h4>\n<p>The malware exhibits exceptional evasiveness, currently remaining undetected by any VirusTotal scanning engine. What may reveal its true nature before installation, however, is the name of the file. While the advertised page promotes Gemini, the installer actually deploys Meta Ads Manager.<\/p>\n<h4><strong>A deceitful browser extension to spread chaos<\/strong><\/h4>\n<p>Upon completing the installation, which essentially serves as a smokescreen, the malware implants a rogue browser extension disguised as &#8220;Google Translate&#8221; and prompts a Facebook login page. This enables it to steal your password, login session, and any data you subsequently input into the browser.<\/p>\n<p>To collect the data, the malware relies on domains hosted on Firebase. These domains are <strong>effectively blocked by Whalebone protective DNS<\/strong>. 
Consequently, even if the antivirus system fails to detect the installer, your passwords remain beyond the reach of the attacker when safeguarded by Whalebone-based security products.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=&#8221;&#8221; row_type=&#8221;row&#8221; use_row_as_full_screen_section=&#8221;no&#8221; type=&#8221;full_width&#8221; angled_section=&#8221;no&#8221; text_align=&#8221;left&#8221; background_image_as_pattern=&#8221;without_pattern&#8221;][vc_column][vc_empty_space height=&#8221;25px&#8221;][\/vc_column][\/vc_row][vc_row css_animation=&#8221;&#8221; row_type=&#8221;row&#8221; use_row_as_full_screen_section=&#8221;no&#8221; type=&#8221;full_width&#8221; angled_section=&#8221;no&#8221; text_align=&#8221;left&#8221; background_image_as_pattern=&#8221;without_pattern&#8221;][vc_column][vc_column_text]<\/p>\n<h4><strong>Still have questions?<\/strong><\/h4>\n<p>Feel free to contact us at <a href=\"mailto:sales@kappadata.be\">sales@kappadata.be<\/a> and we will be happy to help![\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Facebook ads spread malware that steals passwords disguised as Google Gemini. Find out how Whalebone counters this in our blog post<\/p>\n","protected":false},"author":25,"featured_media":20358,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[75,71],"tags":[],"class_list":["post-19745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-publications"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Facebook-ads spread malware that steals passwords | kappa Data<\/title>\n<meta name=\"description\" content=\"Facebook ads spread malware that steals passwords disguised as Google Gemini. 
Find out how Whalebone counters this in our blog post\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Facebook-ads spread malware that steals passwords | kappa Data\" \/>\n<meta property=\"og:description\" content=\"Facebook ads spread malware that steals passwords disguised as Google Gemini. Find out how Whalebone counters this in our blog post\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/\" \/>\n<meta property=\"og:site_name\" content=\"Kappa Data\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-26T10:19:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-27T15:45:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.kappadata.be\/wp-content\/uploads\/2024\/02\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1706\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas De Rycke\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas De Rycke\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/\"},\"author\":{\"name\":\"Thomas De Rycke\",\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/#\\\/schema\\\/person\\\/4943d6792a81b8ee873c438bf1a743c4\"},\"headline\":\"Sponsored Facebook-ads spread password-stealing malware, disguised as Google Gemini\",\"datePublished\":\"2024-02-26T10:19:34+00:00\",\"dateModified\":\"2024-02-27T15:45:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/\"},\"wordCount\":469,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.kappadata.be\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg\",\"articleSection\":[\"News\",\"publications\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/\",\"url\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemin
i\\\/\",\"name\":\"Facebook-ads spread malware that steals passwords | kappa Data\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.kappadata.be\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg\",\"datePublished\":\"2024-02-26T10:19:34+00:00\",\"dateModified\":\"2024-02-27T15:45:41+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/#\\\/schema\\\/person\\\/4943d6792a81b8ee873c438bf1a743c4\"},\"description\":\"Facebook ads spread malware that steals passwords disguised as Google Gemini. Find out how Whalebone counters this in our blog 
post\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.kappadata.be\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/www.kappadata.be\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg\",\"width\":2560,\"height\":1706,\"caption\":\"Whalebone_Cyberattacks targeting financial institutions\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.kappadata.be\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sponsored Facebook-ads spread password-stealing malware, disguised as Google Gemini\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/#website\",\"url\":\"https:\\\/\\\/www.kappadata.be\\\/\",\"name\":\"Kappa Data\",\"description\":\"The Art of IT-infrastucture, security and IoT 
distribution\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.kappadata.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.kappadata.be\\\/#\\\/schema\\\/person\\\/4943d6792a81b8ee873c438bf1a743c4\",\"name\":\"Thomas De Rycke\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9c18397b5da24fee6359c66692e3bd39deb2a6e477b3afccf5c27a593e70b4c6?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9c18397b5da24fee6359c66692e3bd39deb2a6e477b3afccf5c27a593e70b4c6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9c18397b5da24fee6359c66692e3bd39deb2a6e477b3afccf5c27a593e70b4c6?s=96&d=mm&r=g\",\"caption\":\"Thomas De Rycke\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Facebook-ads spread malware that steals passwords | kappa Data","description":"Facebook ads spread malware that steals passwords disguised as Google Gemini. Find out how Whalebone counters this in our blog post","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/","og_locale":"en_US","og_type":"article","og_title":"Facebook-ads spread malware that steals passwords | kappa Data","og_description":"Facebook ads spread malware that steals passwords disguised as Google Gemini. 
Find out how Whalebone counters this in our blog post","og_url":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/","og_site_name":"Kappa Data","article_published_time":"2024-02-26T10:19:34+00:00","article_modified_time":"2024-02-27T15:45:41+00:00","og_image":[{"width":2560,"height":1706,"url":"https:\/\/www.kappadata.be\/wp-content\/uploads\/2024\/02\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg","type":"image\/jpeg"}],"author":"Thomas De Rycke","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas De Rycke","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#article","isPartOf":{"@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/"},"author":{"name":"Thomas De Rycke","@id":"https:\/\/www.kappadata.be\/#\/schema\/person\/4943d6792a81b8ee873c438bf1a743c4"},"headline":"Sponsored Facebook-ads spread password-stealing malware, disguised as Google 
Gemini","datePublished":"2024-02-26T10:19:34+00:00","dateModified":"2024-02-27T15:45:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/"},"wordCount":469,"commentCount":0,"image":{"@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#primaryimage"},"thumbnailUrl":"https:\/\/www.kappadata.be\/wp-content\/uploads\/2024\/02\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg","articleSection":["News","publications"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/","url":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/","name":"Facebook-ads spread malware that steals passwords | kappa Data","isPartOf":{"@id":"https:\/\/www.kappadata.be\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#primaryimage"},"image":{"@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#primaryimage"},"thumbnailUrl":"https:\/\/www.kappadata.be\/wp-content\/uploads\/2024\/02\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg","datePublished":"2024-02-26T10:19:34+00:00","dateModified":"2024-02-27T15:45:41+00:00","author":{"@id":"https:\/\/www.kappadata.be\/#\/schema\/person\/4943d6792a81b8ee873c438bf1a743c4"},"description":"Facebook ads spread malware that steals passwords disguised as Google Gemini. 
Find out how Whalebone counters this in our blog post","breadcrumb":{"@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#primaryimage","url":"https:\/\/www.kappadata.be\/wp-content\/uploads\/2024\/02\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg","contentUrl":"https:\/\/www.kappadata.be\/wp-content\/uploads\/2024\/02\/Visual-Blogpost-Whalebone_Cyberattacks-targeting-financial-institutions-01-scaled.jpg","width":2560,"height":1706,"caption":"Whalebone_Cyberattacks targeting financial institutions"},{"@type":"BreadcrumbList","@id":"https:\/\/www.kappadata.be\/en\/sponsored-facebook-ads-spread-password-stealing-malware-disguised-as-google-gemini\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.kappadata.be\/en\/"},{"@type":"ListItem","position":2,"name":"Sponsored Facebook-ads spread password-stealing malware, disguised as Google Gemini"}]},{"@type":"WebSite","@id":"https:\/\/www.kappadata.be\/#website","url":"https:\/\/www.kappadata.be\/","name":"Kappa Data","description":"The Art of IT-infrastucture, security and IoT distribution","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.kappadata.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.kappadata.be\/#\/schema\/person\/4943d6792a81b8ee873c438bf1a743c4","name":"Thomas De 
Rycke","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9c18397b5da24fee6359c66692e3bd39deb2a6e477b3afccf5c27a593e70b4c6?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9c18397b5da24fee6359c66692e3bd39deb2a6e477b3afccf5c27a593e70b4c6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9c18397b5da24fee6359c66692e3bd39deb2a6e477b3afccf5c27a593e70b4c6?s=96&d=mm&r=g","caption":"Thomas De Rycke"}}]}},"_links":{"self":[{"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/posts\/19745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/comments?post=19745"}],"version-history":[{"count":4,"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/posts\/19745\/revisions"}],"predecessor-version":[{"id":20360,"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/posts\/19745\/revisions\/20360"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/media\/20358"}],"wp:attachment":[{"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/media?parent=19745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/categories?post=19745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kappadata.be\/en\/wp-json\/wp\/v2\/tags?post=19745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}