A group of Italian spyware companies ran hundreds of fake personas on Facebook and Instagram, with AI-generated profile photos, that were used to spy on journalists and political activists, Meta has found.
Rome-based Cy4Gate and its subsidiary RCS Lab used artificial intelligence to generate profile photos, creating as many as 900 fake profiles, according to a Meta threat report released Thursday. The tech giant said the personas posed as protesters, journalists and young women.
In November, Forbes revealed that RCS Lab was promoting a tool called Gens AI that allows users to quickly launch online personas from a simple dashboard. The company took the fake user offline after Forbes alerted Meta about one of its personas being used to promote the tool.
Meta said the personas carried out social engineering attacks on targets, trying to get them to click on a link that would unmask their IP address. In some cases, Word documents containing hidden code that exposed IP addresses were passed to victims, disguised as news articles or anti-government petitions. The impostors also tried to trick people into sharing their emails and phone numbers as part of the reconnaissance phase of target surveillance, the tech giant said.
Meta said RCS targets also included journalists, activists and dissidents in Azerbaijan, Kazakhstan and Mongolia. That probably indicates that the governments of those countries are the customers. Google researchers previously discovered RCS Lab spyware targeting Apple iPhones and Android devices in Italy and Kazakhstan. Cy4Gate also runs its own malware, called “Epeius”, for Apple and Google phones. Google discovered that this malware exploited three unpatched zero-day vulnerabilities in Android in 2023. Both companies’ malware can spy on almost everything happening on infected devices, from messages to calls to photos.
Neither Cy4Gate nor RCS Lab responded to requests for comment.
Meta also revealed that it had removed a fake account created by IPS Intelligence, another Italian surveillance company. The covert profile's image was created by AI, and the account was used to gather public information about targets. The targets were spread across Italy, Tunisia, the United States, Malta, Oman, Turkey, France, Zambia, Germany, and Mexico, and the impostor also tried to get victims to click on a link that revealed their IP address. IPS did not respond to requests for comment.
Mike Dvilyanski, head of cyber espionage research at Meta, said Tuesday that spyware companies have “built a web of complex corporate structures…perhaps in part to make attribution of wrongdoing more difficult.”
David Agranovich, the company’s director of threat disruption, said Meta is trying to stop surveillance from starting on its platform before things become more serious. “Early stages often enable later stages, so it is important to disrupt the entire lifecycle of the surveillance attack chain,” Agranovich said. “If we can collectively tackle this threat early in the attack chain, we can stop the damage before it reaches the final and most serious stage, when people’s devices and accounts are compromised.”