- Gen Q3 Threat Report reveals ‘Scam Yourself’ attacks saw a huge rise
- 614% increase in social engineering scam
- Ransomware and crypto scams are also claiming more victims
The last few months have seen a worrying escalation in ransomware, malvertising, infostealers, and crypto scams, new research has claimed.
The Gen Q3 Threat Report has revealed a major rise in ‘Scam Yourself Attacks’, a type of social engineering tactic tricking users into compromising their own systems, which saw a staggering 614% rise quarter over quarter.
The ‘scam yourself’ term covers a number of threats, including FakeCaptcha, fake tutorials, and ClickFix scams. The familiarity of Captcha uses ClickFix to trick unsuspecting victims into running malicious scripts and downloading malware.
How to: download malware
YouTube tutorials are being used by cybercriminals to encourage users to download malware under the guise of installing software. Security vendors and antivirus software should detect this, even if the user is the one who clicks, copies, and executes the threat.
However, as part of the tutorial, many users are prompted to turn off their antivirus controls – which is what makes this attack so alarming.
Alongside these threats , the report outlines a 24% increase in ransomware attacks from the previous quarter, which echoes reports from earlier this year which revealed such incidents are soaring to new highs around the world.
The rise of Lumma stealer, a Malware-as-a-Service, has fueled a 39% rise quarter of quarter in infostealer activity. These attacks are gaining prominence thanks to their ability to bypass protections, the report states.
Crypto scams also saw a spike in activity thanks to evolving deepfake technology which exploits media events, which is something we have seen on the rise in recent months. The growingly convincing fake videos can attract huge audiences and leverage the likenesses of well known figures and celebrities and encourage viewers to invest in fake crypto schemes.