Fake alerts, real anxiety: Exposing an active scareware plot spreading via Meta newsfeeds

Since scareware varies in form and capability, staying safe from such threats requires a robust cybersecurity solution and a sharp eye.

You’re scrolling through your Facebook feeds when, all of the sudden, a bright, blinking, and loud warning pops up. It claims your smartphone has been attacked by a virus or has technical issues and urges you to install a self-described cleaner app. Just a few taps and a few dozen bucks in in-app purchases later, and you’ll supposedly be rescued from malicious attacks and data loss.

image 1: Recording of a scareware ad. This particular ad is mimicking a virus alert.

However, in reality there are no real threats, nor any device issues. The messages, in fact are just standard paid advertisements on the Meta platform. Using rumble sounds and animations, they mimic device alerts trying to trick targets into believing their device is under attack or is malfunctioning. Such attacks are delivered via scareware. ESET discovered that one particular scareware campaign distributed these messages via more than 250 ads between February and April 2025 until it was shut down by Meta due to Unacceptable Business Practices by their clients.

Malicious campaigns like this show how easy it is to launch very believable scam campaigns that have the potential to reach hundreds of thousands of people. As scareware varies in form and capability, staying safe from such threats requires a robust cybersecurity solution. The Essential tier of ESET HOME Security was already recognized last March as AV-Comparatives’ Product of the Year 2024, and now ESET HOME Security has evolved even further with enhanced anti-scam feature. This means users gain protections even in situations where well-crafted scams would have otherwise successfully defrauded their targets.

Try ESET HOME Security now!

How scareware works

Scareware usually describes malicious software or scams using scare tactics to manipulate users into downloading malware or buying unwanted software. To put it simply, scareware serves as a gateway for malware or scams.

Scareware as a scam can come in the form of unsolicited messages, pop-ups, or ads on social networks scaring users into obtaining unwanted and often harmful software. Scareware is often combined with  .

Scareware as a class of malicious software includes rogue security software and other scam software that tricks users into believing their computer is infected with a virus. Typically, it displays an alert message persuading users to download and pay for fake antivirus, cleaner apps, or other software to remove it. Usually, the virus is fictional, and the software is non-functional or actually malware.

image 2: An example of a fake security alert stressing the target to call technical support.

Removing malware by deleting pictures?

Now, let’s take a look at the abovementioned ESET-discovered scam campaign. It targeted iPhone users with messages ranging from “Apple security alert!” and “Photo damaged” to “Your phone has been hacked!” or “167 Virus attacking your system!”.

image 3: Recording of a scareware ad claiming that the phone is paralyzed by junk files, enticing the user to install a cleaning app.

The scammers have perfected their approach: believable visuals, splashing bright colors, using pseudo-official warnings, urging immediate action, and even imitating phone rumble notifications with specific audio.

The truth is that considering the current state of AI tools, none of those elements are hard to produce anymore. Being distributed via social media by the fake account going by the name “Clean forrr-0221”, these convincing individual ads could have reached anywhere from thousands to hundreds of thousands of users.

image 4: The advertiser’s profile on Meta Ad Library with hundreds of now inactive ads.

And what about the advertised solution? The promoted ad doesn’t claim to remove malware. Its description describes removing duplicate photos—a feature that many smartphones already have built in.

That being said, it’s important to add that scareware ads on social media can lead to different types of apps. Some of them can be dangerous spyware, while others can border on being useless or offer a completely different type of service to what the ad promised for a fee.

Don’t be scared out of your wits

Dealing with scareware involves a combination of awareness, prevention, and action:

Awareness is the first step; understanding that scareware is designed to frighten you into making hasty decisions can help you avoid falling for such a scam. Always be skeptical of unsolicited warnings and offers, especially those that create a false sense of urgency.

When it comes to prevention, here are a few basic steps you should take:

• Ensure your device’s security is up to date and use reputable antimalware software to detect and block malicious programs.
• Regularly update your operating system and applications to patch vulnerabilities.
• Use a pop-up blocker to reduce the chances of encountering scareware ads.
• Avoid clicking on suspicious links or downloading software from untrusted sources, and be cautious with emails from unknown senders.
• Before installing any app, read its description carefully, see reviews, and background-check its creator.

If you suspect that scareware has already infested your device, take immediate action. Run a full system scan with your antimalware software to find and stop possible threats. It also is advisable to change your passwords and monitor your accounts for any unusual activity, as scareware can sometimes steal credentials.

You can learn more about dealing with scareware here.

Brace yourself with ESET

Scareware may seem like a simple scam, but it can have serious consequences ranging from financial losses to data breach or identity theft due to its malicious nature or by leading to a follow-up compromise.

Comprehensive scam protection therefore requires proactive defense that covers multiple smart devices and can deflect various kinds of attacks while keeping cybersecurity management simple and clear. This is exactly what ESET HOME Security is designed for.

To illustrate this, let’s say that there is a scareware attacking your Windows device, prompting you to pay for and install fake antivirus software, which is in fact a spyware. ESET HOME Security Ultimate can protect you in multiple ways:

Antispam can be the first line of defense, as many scams and cyberattacks start as spam emails. Spam messages accounted for over 46.8% of email traffic in December 2023.

Anti-Malware can discover, recognize, and stop scareware, spyware, and other types of malware trying to compromise your device.

Anti-Phishing can prevent you from visiting a phishing website offering fake antivirus or other deals.

Safe Banking & Browsing creates a secure environment when accessing online banking or online payment gateways to keep your financial data safe.

ESET Identity Protection is a last line of defense in case attackers have already stolen your data and are now selling it on the Dark Web. ESET Identity Protection detects these activities thanks to continuous black-market monitoring, and alerts you.

ESET VPN – A VPN assigns you a new IP address while making your online traffic secured and encrypted. In this way it can protect you against cybercriminals trying to intercept your data or track your online activity and use all these information (such as stolen credentials) for further scams.

ESET HOME Security also utilizes ESET Mobile Security for Android, which is a stand-alone solution recognized for its robust protection including Antivirus, Payment Protection, Anti-Phishing, Adware Detector, Anti-Theft and much more. Even Apple users can benefit from ESET HOME Security thanks to additional layers of protection such as Identity Protection and VPN.

Small Office/Home Office owners can stay protected from scareware thanks to ESET Small Business Security. It utilizes most of the above-mentioned features including Antivirus & Antispyware, Anti-Phishing, Safe Banking & Browsing, VPN, and extra layer of protection for Windows Server users—Safe Server.

Peace of mind

In the world of believable automated large-scale scams, simple in-built antivirus is not enough. Scareware preys on our human instincts to deal with sudden threats immediately, without thinking it through. Having a top-notch award-winning cybersecurity solution can bring peace of mind into even those stressful situations.