Scammers are using the allure of artificial intelligence features and services to dupe unsuspecting Facebook users into downloading malicious software on their computers, according to security firm Bitdefender.

Over the past year, scammers have been hijacking Facebook Pages and changing them to look like legitimate AI services, including for OpenAI’s video creation tool Sora and its image creation tool DALL-E. The scammers then run ads on Facebook’s ad network, promising those who view the ad the opportunity to get early access to experimental AI research and products. Once users follow the Pages, the bad actors post AI-generated content to the Page to make it appear legitimate. They then tell the Page’s followers that to use the experimental AI services, they need to download software, which is really malware, including Rilide, Vidar, IceRAT, and Nova, that steals their data.

Indeed, the most popular Facebook Page that Bitdefender discovered, Midjourney AI, secured 1.2 million followers to its page before Facebook shut it down in March 2024. Soon after Facebook removed the Page for violating its policies, others cropped up, setting up a virtual game of Whac-a-Mole.

“Since we began our investigation, we noticed an additional four Facebook pages attempting to impersonate Midjourney, some of which were also removed from the platform,” Bitdefender said. “The latest malicious page impersonating Midjourney appears to have been taken over by the attackers on March 18 when the cybercriminals changed the original name of the original Facebook page. As of March 26, the scam profile has 637,000 followers.”

In the cases where users were directed to download software, there was a fair share of red flags. According to Bitdefender, users were given Google Drive or Dropbox links. Also, inspecting the Pages would quickly reveal they aren’t directly associated with the companies they’re supposed to be representing.