How AI-Generated Personas, Deepfake Tactics and Scripts Are Powering the Next Wave of “Scam-Yourself” Attacks

This article discusses a sophisticated “Scam-Yourself” campaign that utilizes AI-generated videos and scripts for malicious purposes, showcasing a troubling trend where cybercriminals manipulate victims into compromising their own security. The campaign operates through compromised YouTube accounts, leveraging deepfake technology and AI assistance in creating fraudulent content. Affected: Cybersecurity, Online platforms, YouTube, Cryptocurrency.

Key points:

  • The “Scam-Yourself” campaign has seen a 614% increase as reported in Q3/2024.
  • AI-generated videos and scripts are used to persuade victims into downloading malware.
  • The campaign originated from a compromised verified YouTube channel with a large subscriber base.
  • Numerous fake accounts impersonate a single AI-generated persona to amplify the scam.
  • Deepfake technology is employed to create convincing tutorial videos that lure victims.
  • The attackers utilize various hosting services to evade detection.
  • The ultimate goal is to install malware for remote access and data theft.
  • Sponsored ads on YouTube help in promoting these malicious videos.
  • Proactive measures like Clipboard Protection are implemented to counter these threats.

MITRE Techniques:

  • **TA0002** – Execution: Attackers use PowerShell commands to execute malicious scripts.
  • **TA0001** – Initial Access: Cybercriminals compromise a verified YouTube account to host malicious content.
  • **TA0040** – Impact: The end goal is to install malware for data exfiltration and control over victim systems.
  • **T1203** – Exploitation for Client Execution: The campaign manipulates users into executing harmful commands themselves by following the video instructions.
  • **T1071.001** – Application Layer Protocol: Attackers use Command-and-Control domains to communicate with installed malware.

Indicators of Compromise:

  • [PowerShell Commandline] 902387e7be025fbe2c4b1a3f2ea212a26f9cbbcf82f656416b362c84089b712b
  • [PowerShell Script] a5e0635363bbb5d22d5ffc32d9738665942abdd89d2e6bd1784d6a60ac521797
  • [C&C] developer-update[.]dev
  • [C&C] begenokev[.]com/oauth/harum/voluptas
  • [Malware Hash] 2fe60aa1db2cf7a1dc2b3629b4bbc843c703146f212e7495f4dc7745b3c5c59e

Full Story: https://www.gendigital.com/blog/insights/research/ai-generated-personas-deepfake-tactics-scam-yourself-attacks