The Rise of Malverposting


Executive Summary

In recent years, the internet has become a hub for many activities, ranging from online shopping to social media platforms; it has also become a playground for cyber criminals who are always on the lookout for vulnerabilities to exploit. One issue that can potentially affect hundreds of millions of people is ‘malverposting’.

What is it and how does it work?

Malverposting is a type of cyber crime where hackers use malicious ads to spread malware on social media platforms such as Facebook, Instagram, and Twitter. It works by tricking unsuspecting users into clicking on ads that appear on trusted platforms. Once clicked, malware in the form of malicious executables are downloaded onto the victim’s device without them knowing. The idea behind using ads is to increase the attack surface from which a larger target audience can be reached by abusing the delivery power of social media platforms.

Vietnamese Threat Actor

In April, an international malverposting campaign that has been active for over 3 months was traced to a Vietnamese threat actor. It is estimated this campaign has infected over 500,000 devices worldwide so far. These numbers have been reached by the misuse of Facebook Ads as the mass delivery method.

This specific campaign works by creating new business profiles and hijacking genuine well-known accounts that can have millions of followers. The attacker then posts clickbait ads for adult content and free downloads. These ZIP files contain executable files that trigger an infection chain leading to ‘Stealer’ malware being installed on the system. This can gather sensitive information from a system such as account data which is then exfiltrated to Command-and-Control servers.

Why does this Matter?

The information being stolen can be used to make Facebook bot accounts which are then used to post more malicious ads. This can enable a malicious actor to post thousands of ads daily. The user may not suspect they have had their device compromised as they are shown a decoy website once they click the executables which are shown as image files.

How to Protect Yourself

Whilst social media platforms are working hard to try and prevent these issues, they will not always be successful. Social media users should be aware of adverts they are clicking on platforms such as Facebook, Instagram and Twitter. Employers should also educate their employees about the risk of using social media on work devices, it should be understood that even if a popular page posts an ad, it does not guarantee it is safe as explained in the aforementioned example. Users should also make use of Antivirus Software that regularly detects malicious files and adblockers to stop accidental clicks to these malicious sites.


Malverposting is a growing cyber security threat that poses a significant risk to individuals and organisations alike. With the rise in online activities, the risk of these attacks is only going to increase. Therefore, it is essential to keep yourself and organisation aware and to also take proactive measures to protect against these risks.


Would you like to talk to us and find out more about our services?

Please fill in the form below and one of the team will get in touch.