In brief: Facebook has sued a Hong Kong-based company that it claims enticed people into clicking on celebrities’ photos in ads, which in turn installed malware that compromised their accounts.

The social network writes that it filed suit in California yesterday against ILikeAd Media International Company Ltd. and two men behind the firm: Chen Xiao Cong and Huang Tao.

Facebook says the defendants used “celeb baiting” to get users to click on ads. This installed malware that allowed attackers to hijack accounts. Once they had control, the accounts were used to promote counterfeit products, diet pills and male enhancement supplements, which were billed to the victim’s ad account.

To hide the true nature of the ads from Facebook, ILikeAd used a technique called “cloaking.” This displayed one version of an ad’s landing page to Facebook’s systems and a different version to the platform’s users.

Facebook says it has issued more than $4 million in refunds to customers whose accounts were hijacked by ILikeAd to run its unauthorized ads. It also helped these users secure their accounts.

Because cloaking schemes are usually sophisticated and well organized, it is often difficult for Facebook to identify those behind them, which is why there haven’t been many legal cases of this kind.

“Creating real world consequences for those who deceive users and engage in cloaking schemes is important in maintaining the integrity,” Jessica Romero, Facebook’s director of platform enforcement and litigation, said in a statement.