Troubling malware threat spreading on Facebook and Twitter


A new kind of malware attack is spreading like wildfire on social media, including Facebook, and through posts on Twitter. There have already been an estimated 500,000 infections worldwide, according to researchers at Guardio Labs. 

More recently, there is a noticeable surge of fake campaigns on social media sites like Facebook and Twitter where infected promoted posts and ads are deliberately posted to install malware when you click on them. 

This troubling new method of spreading malware is known as ‘Malverposting’.  Here’s what we know about it. 


Malverposting happens when someone uses promoted social media posts and tweets to spread malicious software and other security threats. The way these scammers work is by paying for ads that will boost their malicious posts so that more people see them and then fall for their malware scam.


Many of these posts contain content that will bait you into believing that they’re real. Some will be fake ads for clothing or electronics being sold for super cheap prices, while others will try to convince you to invest in a fake scam or download an app that is actually fake. 

One particular campaign that has been gaining traction over the last few months is happening on Facebook. It works by creating new fake business profiles and hijacks real profiles that have large followings. With these profiles, it overwhelms people’s Facebook feeds with malicious click-baits promising adult-rated photo album downloads for free. 

When a victim clicks on the post from this campaign, a malicious ZIP file is downloaded to their computers. The ZIP file contains tons of “photos” that, when clicked, will initiate the process of releasing malware onto the device being used.  

The malware will then secretly copy the user’s sessions, cookies, accounts, crypto-wallets and more, and send the information from their computer or device to the scammer without the user’s knowledge. This can severely hurt the users who fall for the bait, and it also deeply hurts the legitimate business profiles whose information gets compromised and essentially halts their business from flourishing in a social media setting. 


There are a few steps you can take to make sure that you do not fall for a fake scam on social media. Here are some of my tips: 

. The language of a post is a lot more important than you think. If you look closely and notice that a post is trying very hard to push a product on people by using insanely low prices that won’t be found anywhere else (like a laptop being sold for $20 for example), then that’s a huge red flag for a scam. 

It could be a hacker behind that post, pretending to be your friend. 

Do a quick online search for the store’s name, and look for reviews and complaints from other customers. You should also check the Better Business Bureau website to see if the store has a rating or any complaints. If you see a lot of negative reviews and comments, don’t trust them. 

That’s sure to be a scam. 


This story is also another reminder to always have good antivirus software running on your devices, as these social media scams can entail the victim clicking on a fake post. Antivirus software on your devices will stop you from clicking on any potential malicious links in social media posts. 

See my expert review of the by visiting . 

The team at Guardio did reach out to Meta (the parent company of Facebook) to make them aware of these alarming facts. According to the security group. Meta’s research and engineering teams are actively working to stop the propagation on their ad network. 

Have you noticed any malware scams on social media lately? Let us know at  

For more security alerts like this, subscribe to my free CyberGuy Report Newsletter by heading to  

Copyright 2023 All rights reserved.