Recently, I came across a serious security warning that I want to share with everyone. Hackers have been running fake Windows 11 update ads on Facebook, specifically targeting cryptocurrency users, and their methods are quite sophisticated.



According to Malwarebytes' investigation, these fake ads closely resemble genuine Microsoft branding. Victims who click on them are directed to counterfeit Microsoft websites with domain names that look identical to the real ones. The hackers use geofencing to avoid automated scans: they target only users on home or office networks, which lets them bypass detection that runs from data centers.

What’s even more malicious is the malware that follows. It disguises itself as a folder named “LunarApplication,” deliberately mimicking the name of a certain crypto tool brand so that victims think it’s legitimate. In reality, it steals your crypto wallet files, seed phrases, and even browser login information and passwords, then transmits everything to the hackers. The software also has evasion mechanisms that detect virtual machines and analysis tools and stop execution in monitored environments. These are technical details the attackers don’t want you to know.

This isn’t the first time. During Pi Network’s Pi2Day event last year, hackers launched 140 fake ads, pretending to give away free airdrops to trick people into revealing their recovery seed phrases. Victims were located across the US, Europe, Australia, China, and India.

Another case from September last year involved hackers placing fake ads on Meta, Google, and YouTube promoting free TradingView Premium. They even hijacked verified YouTube accounts to run fake video ads. One of the titles was “Free TradingView Premium – The Secret Method They Don’t Want You to Know,” which was viewed over 180,000 times within days. The video descriptions contained malicious executable links, employing evasion techniques so that only targeted users would see the actual malicious content.

In terms of numbers, last year’s crypto scams caused approximately $17 billion in losses. Info-stealing malware affected millions of devices, and by 2025, about 1.8 billion credentials had been stolen. Cybersecurity firm DeepStrike pointed out that any account involving online banking, PayPal, or crypto wallets is a prime target for criminals.

So everyone needs to be cautious, especially with ads on social media. No matter how real they look, always update your system through official websites and avoid clicking on ad links. If you see suspicious free airdrops or premium feature offers, think twice before acting. Never share your seed phrases or private keys with anyone—that’s the most basic security rule.