Researchers from Cybersecurity They have detected a new method of digital threat under the formula of self-deception or ‘scam-yoursElf’, thanks to which cybercriminals committed a verified YouTube account with 110,000 subscribers to house a video generated by Artificial intelligence (AI) ‘malware’ container with the aim of executing financial fraud.
The self -deception formula consists in pressing users and manipulating them psychologically to install and execute a malicious code on their equipment, which kidnaps their user accounts, with their names and credentials, and carries out financial fraud.
To launch the ‘SCAM-Yourself’ technique, cybercounts use videos completely generated by artificial intelligence (AI) and created using ‘scripts’ generated with this technology, with tools such as chatgpt, developed by OpenAi.
The “Gen security software ‘brand, owner of the Avast cybersecurity firm, has indicated that this threat” brings together multiple advanced attack techniques in a single campaign “and that continue to be a growing threat. In the fourth quarter of 2024, the cybersecurity firm blocked attacks aimed at 4.2 million people, an increase of 130 percent with respect to the previous quarter.
According to AVAST investigations, they have presented a recent case of ‘Sam-Yourself’ in which cybercriminals committed a YouTube verified user account that already had 110,000 subscribers and reused it for their fraudulent operations.
While at first glance it seemed to contain legitimate videos, the verified channel also housed a video ‘Deepfake’ not listed, which contained malicious ‘software’ executable and that could be shared externally, as it has pointed out in a statement.
The fraudulent video was presented as a tutorial to unlock the developer of the Trading View financial platform, stating that, in doing so, indicators promoted by AI were released, which would help users grow their financial portfolio.
Likewise, the malicious actors created other false accounts using the image of the user of the verified account, thanks to which they added other “hundreds of thousands of subscribers”, in some cases bought, according to the firm, with different pseudonyms, such as Thomas Harris, Thomas Dev and Thomas Roberts.
In the videos that these channels contained, ‘Deepfake’ videos were included in which AI was used to combine the voice with facial and body movements to create convincing characters that also followed a script generated by this technology.
Researchers have indicated that the objective of this ‘malware’ is to install the Netsupport or Lumma Stealer information thieves, giving the attackers the total control over the infected system and allowing the theft of their data to execute bank fraud.