
Facebook Ad Scam Tricks Investors with Fake Messages and Malware Disguised as ‘Verified Facebook App’

Alina BÎZGĂ

June 27, 2025

Cybercriminals are once again exploiting Facebook’s ad platform in a malicious campaign that lures users into downloading malware under the guise of resolving fake account problems. This time, they’re using brands like Binance and TradingView to grab the attention of investors and traders, leading victims to install a phony Facebook “desktop application.”

What’s Happening?

According to Bitdefender researcher Andreea Olariu, users are being exposed to malicious sponsored ads in Facebook’s right-hand panel. These ads are designed to look like unread messages from popular trading platforms. Some of the notices mention the official domain of the impersonated platform.

In another variation, the threat actors use phony “ads” mimicking real Facebook notifications.

When clicked, the ad redirects users to a fake Facebook clone website that tells them their account has been locked due to unusual activity.

The site claims the app is a “verified desktop app” from Facebook and urges users to:

  • “Install Application” to restore access
  • Run the app to “unlock” their account

The catch? This “app” is malware.

Here’s the psychological trick:

  1. The right-side ads look like urgent messaging from apps that most traders and crypto investors monitor closely.
  2. Curious users click the fake message, expecting an update or alert from Binance or TradingView.
  3. Instead, they land on a convincing Facebook clone, showing warnings like:
    • “Your account has been temporarily locked.”
    • “Unusual activity detected.”
    • “Run the official app to regain access.”

  4. Once downloaded, the so-called Facebook app installs malware, a new variant from the same threat actors behind the multi-stage info-stealer campaign Bitdefender Labs analyzed in a previous report.

Despite the fake message, the real Facebook account remains fully functional when accessed through official channels, like the official websites or app.

What to Do If You See These Notifications

This isn’t just a random phishing campaign – it’s part of a multi-stage malware operation targeting victims through weaponized Facebook advertising. Bitdefender continues to monitor and block these evolving threats.

Be cautious and follow these tips:

  • Don’t trust ads that mimic message notifications, especially from unrelated platforms
  • Never download a Facebook app from third-party domains. Do not click “Install Application” or “Start Recovery.”
  • Check the URL – official Facebook domains include facebook.com or fb.com. Anything else is suspicious.
  • Run a full scan with Bitdefender to remove any threats if you downloaded the fake app. Our AI-powered anti-malware engines and real-time threat intelligence help keep users safe from deceptive advertising attacks like this one.
  • Report the ad on Facebook and alert friends or colleagues who might be targeted.
  • Use Bitdefender Scamio and Bitdefender Link Checker to detect scam attempts and suspicious links.
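
The "Check the URL" tip above, as an added example (not code from Bitdefender or Facebook): it compares the link's real host against the two official domains by whole DNS label rather than by substring. The function name, the https requirement, the acceptance of subdomains and the sample links are assumptions of this example.

```python
from urllib.parse import urlsplit

# The two domains the article names as official. Treating their subdomains
# (e.g. www.facebook.com) as official too is an assumption of this example.
OFFICIAL_DOMAINS = ("facebook.com", "fb.com")

# Constructed sample links (.example is a reserved TLD), not real indicators.
SAMPLES = [
    "https://www.facebook.com/help",
    "https://facebook.com.account-review.example/unlock",
    "https://facebook.com@login.example/",
]


def check_facebook_link(url):
    """Return (is_official, reason) for a link that claims to be Facebook."""
    # Backslashes and control characters are parsed differently by browsers
    # and by urlsplit, so refuse them instead of guessing the real host.
    if "\\" in url or any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return False, "unusual characters in URL"
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    # Requiring https is an assumption of this example.
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host"
    # Match whole DNS labels from the right: the host must BE an official
    # domain or END WITH ".<domain>". A substring test would wrongly accept
    # facebook.com.<something-else> or a host that merely contains the name.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    # Brand text anywhere else (userinfo, left-hand labels, path) is the
    # look-alike pattern; report where the link really goes.
    if any(d in url.lower() for d in OFFICIAL_DOMAINS):
        return False, "mentions Facebook but really goes to " + host
    return False, "host is " + host + ", not an official domain"


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_facebook_link(link))
```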

Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
