Social media deepfake scams push fraudulent investment schemes
Social media has seen a 335 percent boom in new scams using deepfake videos and company-branded posts to lure victims into fraudulent investment schemes.
The latest threat report from ESET tracks these as HTML/Nomani, the countries with the most detections being Japan, Slovakia, Canada, Spain, and Czechia.
The report summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from June through November 2024. Infostealers are one of the threat categories to experience a reshuffle in this period, with the long-dominant Agent Tesla malware dethroned by Formbook -- a well-established threat designed to steal a wide variety of sensitive data. Lumma Stealer too is becoming increasingly sought after by cybercriminals, appearing in several notable malicious campaigns in H2 2024. Its detections shot up by 369 percent in ESET's telemetry.
"The second half of 2024 seems to have kept cybercriminals busy finding security loopholes and innovative ways to expand their victim pool, in the usual cat-and-mouse game with defenders. As a result, we've seen new attack vectors and social engineering methods, new threats skyrocketing in our telemetry, and takedown operations leading to shake-ups of previously established ranks," says ESET director of threat detection Jiří Kropáč.
Notorious 'infostealer-as-a-service' Redline Stealer was taken down by international authorities in October 2024. But it's expected that its demise will lead to the expansion of other similar threats. The ransomware landscape has also been reshaped by the takedown of former leader LockBit, creating a vacuum to be filled by other actors. RansomHub, a ransomware-as-a-service, stacked up hundreds of victims by the end of H2 2024, establishing itself as the new dominant player.
With cryptocurrencies reaching record values in H2 2024, cryptocurrency wallet data has been one of the prime targets of malicious actors. ESET's telemetry sees in a rise in cryptostealer detections across multiple platforms. Interestingly the increase is most dramatic on macOS, where so-called Password-Stealing Ware -- heavily targeting cryptocurrency wallet credentials -- more than doubled compared to H1. AMOS (also known as Atomic Stealer), malware designed to collect and exfiltrate sensitive data from Mac devices, was a significant contributor to this increase. Android financial threats, targeting banking apps as well as cryptocurrency wallets, also grew by 20 percent.
You can get the full report on the ESET WeLiveSecurity blog.
Image credit: Wrightstudio/Dreamstime.com