Hackers are tricking victims into scam-yourself attacks with fake tutorials, CAPTCHAs, and updates
Scam-Yourself attacks rose by an astonishing 614%
- AI continues to play a dual role in cybersecurity
- Lumma Stealer rises 1154%, marking a new malware peak
- Outdated systems remain vulnerable to ransomware
In its recent Q3 2024 Threat Report, Gen highlights alarming trends that reveal the rising complexity of cyber threats, highlighting that as cybercriminals refine their methods, the dual role of AI becomes evident.
While AI can be weaponized to enhance attacks by proliferating realistic deepfakes and highly convincing phishing campaigns, AI tools also serve as a crucial defense mechanism.
With cyber threats becoming more sophisticated and harder to detect, awareness and proactive measures are essential for safeguarding sensitive information.
Social engineering tactics take center stage
Cybercriminals increasingly use social engineering tactics to deceive millions into compromising their security. Quarter-over-quarter, there has been a 614% rise in “Scam-Yourself Attacks” which use psychological manipulation to trick individuals into unintentionally installing malware on their own devices.
Attackers will use fake tutorials shared on popular platforms like YouTube that claim to provide free access to paid software, enticing users to follow the instructions. However, the victims inadvertently download malicious programs instead.
Another tactic, known as ClickFix Scams, deceives victims by presenting fake technical solutions and then instructing users to copy and paste malicious code into their command prompts, unknowingly granting attackers control of their systems.
Similarly, fake CAPTCHA prompts have emerged disguised as standard verification steps, prompting users to paste harmful code into their systems. Fake updates that present themselves as essential software updates are being sent to users loaded with malware disguised to gain administrative privileges once installed.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Data-stealing malware and ransomware has seen an uptick with information stealers rising by 39%. The Lumma Stealer for example increased its activity by 1154%.
Ransomware attacks also surged, with a 100% increase in risk ratio, with the Magniber ransomware leading these attacks by exploiting unpatched software to gain access. Outdated systems, such as Windows 7, remain particularly vulnerable, however Gen has worked with governments to release free decryption tools like the Avast Mallox Ransomware Decryptor.
Mobile devices also suffered rises in data-stealing malware attacks, which grew by 166% during Q3/2024. A new spyware strain, NGate, emerged, capable of cloning bank card data to withdraw money or conduct unauthorized transactions. Meanwhile, banking malware, such as Rocinante, increased by 60%, with new strains like TrickMo and Octo2 surfacing.
In terms of delivery, malicious SMS messages remain the primary delivery method. Telemetry from Norton Genie shows that smishing (malicious SMS scams) accounts for 16.5% of observed attacks, followed by lottery scams (12%) and phishing emails/texts (9.6%).
You may also like
- These are the best antivirus solutions
- Take a look at the best Mac antivirus
- LastPass hacked, users see millions of dollars of funds stolen
Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com