Social Media Scams And AI Deepfakes Fuel Surge In Financial And Data Theft
Cybersecurity experts are raising alarms about a wave of new scams and malware that are increasingly targeting individuals and businesses alike.
In a Rush? Here are the Quick Facts!
- Lumma Stealer saw a 369% increase in detections in H2 2024.
- Bitcoin’s rise triggered a surge in cryptostealer activity, especially targeting macOS.
- Telekopye toolkit is being used to scam users of booking platforms like Booking.com.
These threats combine sophisticated techniques like AI-generated deepfakes, fake company posts on social media, and innovative malvertising strategies, leading to significant financial and data theft.
In its H2 2024 Threat Report, ESET highlighted the rise of a dangerous new malware-as-a-service (MaaS) tool, Lumma Stealer. First discovered in 2022, Lumma saw a staggering 369% increase in detections in H2 2024, making it one of the most prominent threats in the cybercriminal world.
This malware primarily targets cryptocurrency wallets, user credentials, and browser extensions used for two-factor authentication.
Its rapid growth has been fueled by a variety of clever campaigns, including fake GitHub fixes, AI software impersonations, and compromised CAPTCHA sites. Notably, Lumma has been spread through patched files, including Key Management Service (KMS) activators for pirated Windows versions.
Alongside Lumma, Formbook has regained its position as one of the top threats among infostealers, surpassing Agent Tesla. With a 200% increase in detections, Formbook’s ability to gather sensitive data, including clipboard information, keystrokes, and cached browser data, continues to make it a significant threat.
Despite being active since 2016, Formbook remains highly effective due to its continuous development and use of advanced obfuscation techniques that help it evade detection. The malware is often spread through phishing emails.
The rise of Bitcoin, especially after its surge past $90,000 following the 2024 U.S. presidential election, has also fueled an increase in cryptostealers across multiple platforms.
ESET’s telemetry data reveals a dramatic rise in cryptostealer activity in the second half of 2024, especially on macOS, with a 127% increase in password-stealing malware like AMOS. Windows and Android devices also experienced significant increases, with Lumma Stealer variants leading the charge.
Techniques like Google ad poisoning, phishing, and optical character recognition (OCR) malware are being used to exploit vulnerabilities, making cryptocurrency wallet security a critical concern.
Mobile banking credentials are also at risk due to attackers exploiting Progressive Web Apps (PWAs) and WebAPKs. These technologies allow apps to be installed directly from websites, bypassing traditional app store security measures.
The apps often mimic legitimate banking apps, capturing login details, passwords, and two-factor authentication codes once installed. Users are urged to install apps only from trusted sources and employ robust security tools to protect their personal information.
On social media, a new scam is gaining traction, using deepfake videos and company-branded posts to deceive users into investing in fraudulent schemes. These scams, known as HTML/Nomani, promise secret investment opportunities or miracle products endorsed by AI-generated videos of celebrities.
Victims are directed to phishing websites where personal information is stolen, and the fraudsters manipulate them into making investments in non-existent products or even taking loans. This scam has become increasingly sophisticated, with tailored ads for different countries and regions.
Accommodation booking platforms, such as Booking.com and Airbnb, are also being targeted by cybercriminals using the Telekopye toolkit. Scammers are exploiting compromised hotel accounts to send fake payment issue messages to users who recently made bookings.
These messages lead victims to phishing sites that closely resemble legitimate booking platforms. Once victims enter their card information, it is stolen by the scammers. The Telekopye toolkit, which was originally designed for online marketplace fraud, has been adapted for use in accommodation booking scams.
The rise in these scams is particularly concerning as holiday booking seasons peak, increasing the likelihood of victims falling prey to these sophisticated attacks.
As these scams and malware continue to evolve, it is crucial for users to remain vigilant and implement robust cybersecurity practices to protect their personal and financial data.