Nearly 1,000 fake profiles with AI-generated images have been posing as protesters, journalists and young women, Meta warns, and they appeared to be targeted at reporters and political activists.
A group of Italian spyware companies have had hundreds of fake personas using AI-generated profile photos thrown off Facebook and Instagram, after Meta found they were being used to snoop on journalists and political activists.
As many as 900 fake profiles were created by Rome-based Cy4Gate and its subsidiary RCS Lab using artificial intelligence to generate the profile photo, according to a Meta threat report published Thursday. The personas posed as protesters, journalists and young women, the tech giant said.
In November, Forbes revealed RCS Lab was promoting a tool called Gens AI, which could quickly spin up an online character in a simple dashboard. After Forbes alerted Meta to one of the personas being used to promote the tool, the company took the fake user offline.
Meta claimed that the personas were carrying out social engineering attacks on targets, attempting to get them to click on links that would unmask their IP address. In some cases, Word articles containing hidden IP-revealing code were given to victims, dressed up as news articles or anti-government petitions. The fakes would also try to trick people into sharing emails and phone numbers, as part of a reconnaissance phase of surveillance of a target, the tech giant said.
Amongst RCS’ targets were journalists, activists and dissidents in Azerbaijan, Kazakhstan and Mongolia, Meta said. That possibly points to those nations’ governments as customers. Previously, Google researchers had discovered RCS Lab’s spyware targeting Apple iPhones and Android devices in Italy and Kazakhstan. Cy4Gate also runs its own malware for Apple and Google phones, dubbed Epeius, which Google found had exploited three unpatched and previously-known zero-day vulnerabilities in Android in 2023. The companies’ malware has the ability to snoop on almost everything happening on an infected device, from messages to calls to photos.
A Cy4Gate spokesperson told Forbes that it “unequivocally disapproves any mass scraping of social media content and categorically condemns any unacceptable behavior such as targeting of journalists, activists, dissidents or minorities.” They said the company worked with law enforcement to tackle crimes such as terrorism and child abuse. They did not address the specific allegations made by Meta, however.
The spokesperson later said that its products were not engineered to mass scrape social media and that it did not control its avatars once they were handed to customers. “We firmly state that no AI-empowered products developed by the CY4Gate Group have ever been sold to customers in Kazakhstan, Mongolia and Azerbaijan, and that the CY4Gate Group has never generated avatars corresponding to protestors or journalists,” they added.
Meta also disclosed that it had removed fake accounts created by another Italian surveillance business, IPS Intelligence, whose covert profiles had their images created by AI and were being used to scrape public information on targets. Its targets were based across Italy, Tunisia, the U.S., Malta, Oman, Turkey, France, Zambia, Germany and Mexico, as the fakes also tried to get targets to click on links that would reveal their IP address. IPS did not respond to requests for comment.
Meta’s head of cyber espionage investigations, Mike Dvilyanski, said on Tuesday that spyware companies were setting up a “complicated web of corporate structures… likely, in part, to make attribution of abusive activities more challenging.”
David Agranovich, the company’s director of threat disruption, said Meta was trying to stop surveillance starting on its platform before it became more serious. “It’s critical to disrupt the entire lifecycle of the surveillance attack chain because the earlier stages often enable the later ones,” Agranovich said. “If we can collectively tackle this threat earlier in the attack chain, it can help us stop the harm before it gets to that final and most serious stage of compromising people’s devices and accounts.”