A malvertising campaign uncovered by Trend Micro hijacks Facebook pages to lure users into downloading a fake AI photo editor that installs the Lumma stealer malware, targeting credentials and system data. Attackers use phishing to gain control of social media pages, post ads for the bogus software, and trick victims into downloading ITarian endpoint management software, which then deploys the malware. The campaign has resulted in 16,000 downloads on Windows and 1,200 on macOS, though only Windows users are targeted. To avoid compromise, users should enable multifactor authentication, use strong, unique passwords, and stay vigilant against phishing attempts. Organizations should educate employees about social media threats and phishing risks.