Social Media Scams And AI Deepfakes Fuel Surge In Financial And Data Theft


  • Written by Kiara Fabbri, Former Tech News Writer
  • Fact-Checked by Justyn Newman, Former Lead Cybersecurity Editor

Cybersecurity experts are raising alarms about a wave of new scams and malware that are increasingly targeting individuals and businesses alike.

In a Rush? Here are the Quick Facts!

  • Lumma Stealer saw a 369% increase in detections in H2 2024.
  • Bitcoin’s rise triggered a surge in cryptostealer activity, especially targeting macOS.
  • Telekopye toolkit is being used to scam users of booking platforms like Booking.com.

These threats combine sophisticated techniques like AI-generated deepfakes, fake company posts on social media, and innovative malvertising strategies, leading to significant financial and data theft.

In its H2 2024 Threat Report, ESET highlighted the rise of a dangerous malware-as-a-service (MaaS) tool, Lumma Stealer. First discovered in 2022, Lumma saw a staggering 369% increase in detections in H2 2024, making it one of the most prominent threats in the cybercriminal world.

This malware primarily targets cryptocurrency wallets, user credentials, and browser extensions used for two-factor authentication.

Its rapid growth has been fueled by a variety of clever campaigns, including fake GitHub fixes, AI software impersonations, and compromised CAPTCHA sites. Notably, Lumma has been spread through patched files, including Key Management Service (KMS) activators for pirated Windows versions.

Alongside Lumma, Formbook has regained its position as one of the top threats among infostealers, surpassing Agent Tesla. With a 200% increase in detections, Formbook’s ability to gather sensitive data, including clipboard information, keystrokes, and cached browser data, continues to make it a significant threat.

Despite being active since 2016, Formbook remains highly effective due to its continuous development and use of advanced obfuscation techniques that help it evade detection. The malware is often spread through phishing emails.

The rise of Bitcoin, especially after its surge past $90,000 following the 2024 U.S. presidential election, has also fueled an increase in cryptostealers across multiple platforms.

ESET’s telemetry data reveals a dramatic rise in cryptostealer activity in the second half of 2024, especially on macOS, with a 127% increase in password-stealing malware like AMOS. Windows and Android devices also experienced significant increases, with Lumma Stealer variants leading the charge.

Techniques like Google ad poisoning, phishing, and optical character recognition (OCR) malware are being used to exploit vulnerabilities, making cryptocurrency wallet security a critical concern.

Mobile banking credentials are also at risk due to attackers exploiting Progressive Web Apps (PWAs) and WebAPKs. These technologies allow apps to be installed directly from websites, bypassing traditional app store security measures.

The apps often mimic legitimate banking apps, capturing login details, passwords, and two-factor authentication codes once installed. Users are urged to install apps only from trusted sources and employ robust security tools to protect their personal information.

On social media, a new scam is gaining traction, using deepfake videos and company-branded posts to deceive users into investing in fraudulent schemes. These scams, known as HTML/Nomani, promise secret investment opportunities or miracle products endorsed by AI-generated videos of celebrities.

Victims are directed to phishing websites where personal information is stolen, and the fraudsters manipulate them into making investments in non-existent products or even taking loans. This scam has become increasingly sophisticated, with tailored ads for different countries and regions.

Accommodation booking platforms, such as Booking.com and Airbnb, are also being targeted by cybercriminals using the Telekopye toolkit. Scammers are exploiting compromised hotel accounts to send fake payment issue messages to users who recently made bookings.

These messages lead victims to phishing sites that closely resemble legitimate booking platforms. Once victims enter their card information, it is stolen by the scammers. The Telekopye toolkit, which was originally designed for online marketplace fraud, has been adapted for use in accommodation booking scams.

The rise in these scams is particularly concerning as holiday booking seasons peak, increasing the likelihood of victims falling prey to these sophisticated attacks.

As these scams and malware continue to evolve, it is crucial for users to remain vigilant and implement robust cybersecurity practices to protect their personal and financial data.

African Stablecoin Fintech Juicyway Hits $1B Milestone In Cross-Border Transactions


  • Written by Andrea Miliani, Former Tech News Expert

The African fintech Juicyway recently announced processing more than $1 billion in transactions powered by stablecoin technology. The startup, founded and operating since 2021, also recently raised $3 million in a pre-seed round.

In a Rush? Here are the Quick Facts!

  • Juicyway generated $1.3 billion after 25,000 transactions from its 4,000 clients
  • The company recently raised $3 million in a pre-seed round
  • The startup is launching publicly after three years of operations reaching multiple large clients

According to TechCrunch, Juicyway reached this milestone without a public app and with little marketing, signing large clients like Bolt and Bamboo—one of Africa’s largest stock brokerages. After 25,000 transactions from its over 4,000 users, the startup generated $1.3 billion in total payment volume.

Juicyway has been growing organically and reaching more and more clients—relying on its service and word-of-mouth referrals—and is now launching publicly.

The fintech specializes in cross-border payments and has recently expanded to the United States, making it simpler for Africans in the United States to send money to African countries starting with Nigeria.

“Our mission is to be the one platform that enables Africans of all economic strata to seamlessly participate in the global market on equal footing,” states its website.

Juicyway uses stablecoins like USDT and USDC to manage transactions instead of managing fiat currencies directly. This way they allow users to purchase, hold, or exchange cryptocurrencies and send money to other digital wallets quickly.

Ife Johnson and Justin Ziegler, Juicyway founders, are proud of their solution and expect the new U.S. expansion to help reduce barriers in the African economy.

“Without access to American banking or platforms like Juicyway, as someone born and raised in Africa, I wouldn’t be able to participate in the global economy, you know, as free as I currently do,” said Johnson in an interview with TechCrunch.

Other non-US fintechs have been growing and expanding as well. The Mexican fintech Stori raised $212 million in funding in August, and Revolut recently got its banking license in the United Kingdom.