Cybercriminals have launched a campaign that exploits Facebook’s advertising platform to distribute malware and steal cryptocurrency wallet credentials, targeting users worldwide through Pi Network-themed advertisements. The operation began on June 24, 2025 and has already deployed over 140 ad variations to maximize its reach across multiple continents. The threat actors have weaponized legitimate social media advertising mechanisms to deliver multi-stage malware payloads.