
Bitdefender Labs has uncovered a large-scale malvertising ecosystem operating across APAC, where scam campaigns are distributed through paid advertising on Meta platforms and quickly generate massive reach.
Between January and April 2026, Alexandra Svetlana DINULICA and Vlad Mihai Sireanu of Bitdefender Labs tracked more than 400,000 scam ad sightings tied to over 12,000 scam campaigns across 13 APAC countries. While these fraudulent ads seem unrelated at first glance, promoting everything from health products to crypto apps and celebrity stories, they follow the same playbook.
Many of the finance-focused campaigns mirror tactics we documented earlier this year in our global investment scam network that abused Meta’s ad system. In both cases, scammers rely on fake news narratives, impersonated brands, celebrity endorsements, and coordinated redirect infrastructure to move users from a trusted-looking ad into a fraudulent environment. The malvertising APAC data shows that these techniques are reused at scale.
One of the most important takeaways is how broad this ecosystem really is. Health-related scams lead the dataset at 19%, followed by finance at 18%. After that, the categories spread out into entertainment, home, gambling, courses, beauty, software, and more.
Social media ads have effectively become testing grounds for scammers. Some campaigns lean into financial anxiety. Others push health fears, celebrity gossip, or “exclusive” opportunities. The themes shift depending on the audience, but the objective stays the same: get the click before the user has time to question what they’re seeing.
Even though the ad content varies, the underlying structure rarely does.
A user sees a paid ad that looks legitimate. It may feature a trusted brand, a well-known personality, or a news source that looks real. In some cases, the preview even shows a legitimate domain.
Then comes the redirect.
After the click, users are sent through one or more intermediary pages before landing on a fake website, a phishing form, or a malicious download. These destinations can rotate constantly, making the campaigns harder to detect and take down.
The same pattern shows up again and again, across countries and categories.
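The preview-versus-destination pattern described above can be checked from recorded redirect chains. The following is an added example, not code from Bitdefender Labs; the record fields, the sample ads and the small suffix set standing in for the Public Suffix List are constructed assumptions. It goes slightly beyond the text by also grouping landing domains reached from more than one country.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the sample data.
MULTI_LABEL_SUFFIXES = {"com.au", "co.jp", "com.my", "co.nz", "com.bd"}

def registrable_domain(url_or_host):
    """Return the registrable domain (eTLD+1) of a URL or bare hostname."""
    host = urlsplit(url_or_host).hostname if "://" in url_or_host else url_or_host
    labels = host.lower().rstrip(".").split(".")
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:])

def analyze_ad(ad):
    """Compare the domain shown in the ad preview with where the chain really ends."""
    shown = registrable_domain(ad["display_domain"])
    hops = [registrable_domain(u) for u in ad["chain"]]
    landing = hops[-1]
    # Intermediaries: distinct domains crossed that are neither preview nor landing.
    intermediaries = [d for d in dict.fromkeys(hops[:-1]) if d not in (shown, landing)]
    return {"ad_id": ad["ad_id"], "country": ad["country"], "shown": shown,
            "landing": landing, "mismatch": shown != landing,
            "intermediaries": intermediaries}

def shared_infrastructure(results):
    """Map each mismatched landing domain to the countries whose ads reach it."""
    by_landing = defaultdict(set)
    for r in results:
        if r["mismatch"]:
            by_landing[r["landing"]].add(r["country"])
    return {d: sorted(c) for d, c in by_landing.items() if len(c) > 1}

# Constructed sample records (not from the report); all hostnames are placeholders.
SAMPLE_ADS = [
    {"ad_id": "ad-1", "country": "VN", "display_domain": "www.brand.example",
     "chain": ["https://www.brand.example/promo", "https://r1.tracker.test/c?id=1",
               "https://app-download.invalid/setup"]},
    {"ad_id": "ad-2", "country": "JP", "display_domain": "brand.example",
     "chain": ["https://brand.example/", "https://r2.tracker.test/x",
               "https://cdn.app-download.invalid/setup"]},
    {"ad_id": "ad-3", "country": "AU", "display_domain": "shop.example.com.au",
     "chain": ["https://shop.example.com.au/sale",
               "https://www.shop.example.com.au/sale?utm=1"]},
]

def run_sample():
    """Analyze the constructed ads; return per-ad results and cross-country clusters."""
    results = [analyze_ad(ad) for ad in SAMPLE_ADS]
    return results, shared_infrastructure(results)
```

A mismatch alone is not proof of fraud, since legitimate advertisers also route clicks through trackers; the cross-country grouping is what surfaces reused landing infrastructure.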
The playbooks behind health-themed malvertising campaigns
The observed health scam ecosystem spans several major categories, including sleep disorder and anti-snoring device scams, "whistleblower doctor" respiratory remedy scams, health insurance "hack" scams, and weight loss or metabolism supplement scams.
The analyzed campaigns all rely on highly sophisticated, deceptive advertising that exploits consumer fears and health vulnerabilities through emotionally persuasive storytelling, fake expert authority, and pseudo-scientific claims. These campaigns commonly promote unverified health remedies, insurance "loopholes," and wellness products using fabricated testimonials, conspiracy narratives, manipulated medical data, and misleading urgency tactics designed to build trust and drive conversions. Common patterns include impersonation of medical professionals, claims of suppressed or "hidden" solutions, suspicious newly created domains, lead-generation funnels, and exaggerated promises targeting vulnerable audiences.


One of the most common tactics is to impersonate platforms like Binance, TradingView, or Wise.
The ad looks convincing. It might offer a bonus, a premium upgrade, or a desktop app download. The preview looks legitimate, but the destination leads to a fake site designed to steal credentials or install malware.
This pattern appears in Vietnam, Japan, Bangladesh, Thailand, Malaysia, New Zealand, and the Philippines, often using near-identical infrastructure.



Another approach leans heavily on trust.
Scammers create fake “breaking news” stories involving central banks, economists, or celebrities. These ads are designed to feel urgent and credible at the same time, pushing users to click quickly.
We see this in campaigns tied to the Reserve Bank of Australia, Bank Negara Malaysia, and celebrity figures in Japan and Bangladesh. This is the same playbook we saw in the Meta-based investment scam network reported by Bitdefender Labs in March, now reappearing across APAC markets with new branding and new audiences.


AI-themed investment scams
The third pattern is investment fraud. Instead of promising profits directly, these campaigns talk of “AI-powered insights,” “stock diagnostics,” or automated strategies.

Australia clearly dominates, but in the rest of APAC, scam campaigns are widely distributed and constantly shifting.
Across APAC, scam ads don’t look the same, but their behavior is very similar. In Australia, the scams often feel polished and convincing, sometimes posing as breaking news or using familiar names to build trust. In India, it’s less about storytelling and more about scale, with the same message pushed through dozens of fake accounts at once. In Southeast Asia, you start to see both approaches combined, with fake apps, investment offers, and impersonated brands appearing across multiple countries with only minor tweaks.
In some markets, scammers focus on making things feel local. In Bangladesh, for example, ads use the local language and familiar public figures, while in Singapore, some campaigns go a step further by using real financial data to make fake tools look legitimate. In Indonesia, the strategy shifts again, with low-cost offers used to start conversations that quickly move to private messages rather than websites. These differences make the scams feel tailored, even though the same techniques are being reused behind the scenes.
What really stands out is how closely everything is connected. The same fake apps, the same types of investment scams, and even the same accounts can show up in multiple countries at once. Some campaigns are clearly built to run across borders, while others spill over into new markets as they gain momentum. So even if the ads look different depending on where you are, they’re often part of the same larger system, one that keeps adapting but rarely changes its core playbook.
The campaigns we analyzed may look different depending on where you are, but they rely on the same core tricks: urgency, trust, and misdirection. Whether it’s a bogus health product, a trading platform, or a breaking news story, the goal is to make you click before you have time to question what you’re seeing.
That’s why slowing down and double-checking can make a real difference.
If you come across a “shocking” investment story or a too-good-to-be-true opportunity, you can run it through Bitdefender Scamio. Just paste the link, message, or even a screenshot, and it will quickly flag common scam patterns, including fake investment platforms, impersonation campaigns, and urgent “deposit now” schemes like the ones uncovered in this investigation.
It’s also worth checking where a link actually leads before clicking. Many of the ads we analyzed displayed trusted domains in the preview, only to redirect users to a completely different destination. Bitdefender Link Checker helps uncover those hidden redirects and flag unsafe websites before you share any personal information.
On a desktop, having protection running in the background adds another layer of safety. A full Bitdefender security solution for Windows or macOS can block phishing pages, fake news clones, and fraudulent landing pages automatically, even if you click on a malicious ad by mistake.
And since most of these scams start on mobile, protecting your phone is equally important. With Bitdefender Mobile Security on Android or iOS, you’re protected against malicious links, scam-driven redirects, and unsafe websites that often originate from social media apps and sponsored posts. Moreover, with Scam Radar, you get real-time alerts about scam campaigns that are actively spreading in your area. It acts as an early warning system, giving you a heads-up before you even encounter the scam.
Each alert includes real examples of scam messages or ads, along with the tactics, keywords, and links attackers are using. You also get insight into who scammers are impersonating, whether it’s a well-known brand, a public figure, or a financial platform. That context makes it much easier to recognize the same pattern when it shows up in your feed.
As a Team Lead at Bitdefender, I specialize in malware analysis and detection of scams, uncovering emerging threats and translating them into actionable insights that strengthen digital resilience.