Researchers discover over 400,000 fraudulent advertisements across one social media firm’s platforms that deploy AI-themed lures alongside fake applications, news tactics.
Threat researchers have discovered a large-scale malvertising operation targeting users across 13 countries in the Asia Pacific region using paid social media ads to distribute investment and health scams.
Attackers have been reusing infrastructure across multiple countries while tailoring content to local audiences.
Between 1 January and 30 April 2026, more than 400,000 scam ad instances had been observed across roughly 12,000 campaigns spanning 13 countries, including Australia, Malaysia, the Philippines, New Zealand, Singapore, Vietnam and Vietnam.
The campaigns have relied on coordinated ad buys on Meta platforms, combining legitimate advertising tools with fraudulent landing pages and redirect networks. The activity stands out for its consistency:
- While branding, language and imagery shift by market, the underlying delivery mechanism remains largely unchanged. Templates, domains and redirect chains are recycled across borders, allowing operators to scale quickly while maintaining a low development cost.
- In Singapore, campaigns showed a shift towards more technically convincing lures. Fraudulent investment platforms embedded real financial data to simulate legitimate analytics tools, making them appear functional rather than purely deceptive. This approach targets users familiar with digital trading environments, lowering suspicion thresholds.
- Across the other affected countries in the region, three primary tactics were identified:
- One involves fake app promotions, where ads impersonating investment or trading services lead to credential-harvesting sites.
- Another uses fabricated “breaking news” or scandal-driven narratives designed to trigger impulsive clicks.
- A third leverages interest in AI, promoting supposed automated trading or stock analysis tools to create perceived sophistication.
- Health-related scams have comprised a significant portion of activity, including fake remedies and insurance-related claims supported by fabricated testimonials and pseudo-scientific language.
- Execution varies by market: Indonesian campaigns often shift users into private messaging channels, while operations in India emphasize volume through simultaneous posting across multiple accounts. In Bangladesh, localization includes the use of familiar public figures and local languages.
The use of paid ad infrastructure and iterative campaign testing suggests a level of organization more commonly associated with legitimate digital marketing operations, complicating detection and enforcement.
According to Bitdefender researchers, who released their findings on 2 June 2026, the campaigns rely on “urgency” and “polished presentation” to drive engagement, noting that slowing user response time remains one of the more effective ways to disrupt such scams.
