Cybercrime is evolving at a blistering pace, and the latest report from Gen™—a leader in consumer cybersecurity—paints a stark picture of just how quickly scammers are adapting. Released today, the Q3/2024 Gen Threat Report highlights a staggering 614% increase in “Scam-Yourself Attacks,” where unwitting victims are tricked into actively participating in their own system’s compromise.
This alarming trend is compounded by rising threats from data-stealing malware and ransomware, as well as a surge in mobile-focused attacks. As cybercriminals wield AI, deepfake technology, and advanced social engineering to up their game, consumers are finding it harder than ever to distinguish scams from legitimate interactions.
The Rise of “Scam-Yourself Attacks”
Cybercriminals are exploiting human curiosity and problem-solving instincts with a new breed of attack that goes beyond conventional phishing or malware schemes. “Scam-Yourself Attacks” manipulate users into downloading malicious scripts under the guise of free tutorials, software updates, or solutions to technical problems.
Here’s how they work:
- Fake Tutorials: On platforms like YouTube, cybercriminals offer “free” software downloads that have malware embedded in them.
- ClickFix Scams: Under the pretext of fixing a computer issue, victims are duped into pasting dangerous code into their systems, granting attackers access.
- Fake Captchas: Mimicking security checks, these scams plant malicious text on a user’s clipboard, ready to be executed.
- Fake Updates: Disguised as critical updates, these scripts give attackers administrator privileges.
These techniques highlight how social engineering remains a core weapon in the cybercriminal arsenal. As Siggi Stefnisson, Gen’s Cyber Safety CTO, puts it:
“Our consistent focus is to empower people with the tools they need, such as the Norton Genie scam detector, so they can protect their digital lives as threats evolve.”
Malware and Ransomware Surge
While scams dominate the landscape, data-theft malware and ransomware are on the rise too. Data stealers, led by Lumma Stealer, saw activity soar by 1154% this quarter. Delivered via fake tutorials, these programs target sensitive information like crypto wallets, login credentials, and browsing history.
Ransomware threats also doubled in prevalence, with the Magniber ransomware exploiting outdated systems like Windows 7 to lock users out of their data. Gen is combatting these threats with tools like the recently launched Avast Mallox Ransomware Decryptor.
Mobile Devices in the Crosshairs
As people increasingly rely on mobile devices for banking and personal transactions, cybercriminals are adapting. Spyware attacks on mobile devices surged by 166%, with a new strain called NGate leading the charge. This malicious software clones bank card NFC data, enabling fraudsters to drain accounts via ATMs and contactless payments.
Banking malware also grew by 60%, with strains like TrickMo and Octo2 gaining traction through malicious SMS (smishing) campaigns. These scams mimic banks or delivery services, urging victims to click harmful links.
AI: The Double-Edged Sword
AI technology is reshaping the cyber battlefield. While cybercriminals use AI to generate realistic deepfakes and hyper-targeted phishing campaigns, defenders are leveraging it for real-time threat detection. Norton Genie, Gen’s AI-powered scam detector, provides users with proactive protection against these evolving threats.
Telemetry from the Norton Genie app reveals the most common scams users faced in Q3/2024:
- Smishing (16.5%)
- Lottery scams (12%)
- General phishing emails (10%)
- Package delivery scams (9.6%)
- Fake invoices (7.7%)
This real-time data helps Gen refine its defences, staying a step ahead of cybercriminals’ increasingly sophisticated methods.
Staying Safe in a Threat-Filled World
Gen’s report is a sobering reminder that no one is immune to cyber threats. The best defence remains proactive: avoiding unsolicited links, using robust security tools like Norton Genie or Avast Mobile Security, and keeping software updated to close potential vulnerabilities.