Hackers Use Facebook Ads to Push Fake Windows 11 Updates That Steal Crypto
Security teams have observed an uptick in aggressive Facebook ads posing as Windows 11 updates that funnel users to fake installers. The payloads reported in these campaigns behave like info-stealers and credential harvesters designed to target crypto users — compromising desktop wallets, browser extension keys, and stored seed phrases. Attackers exploit ad reach and social trust to scale infections quickly, often using realistic UI and download prompts to trick less cautious users.
This matters for anyone practicing self-custody: social platforms can be used to bypass traditional malware distribution checks and reach large pools of potential victims. Users should only install OS updates from official Microsoft channels, verify download sources and signatures, keep wallets on hardware devices when possible, and enable strong account protections. Platforms and advertisers face renewed pressure to tighten ad review to prevent financially targeted malware campaigns.