The year 2025 was marked by record losses from attacks and fraud in the cryptocurrency universe. In the first half of the year alone, thefts totaled $2.17 billion, surpassing the total value recorded in 2024, according to Chainalysis. Projections indicate that 2025 could end with more than $4 billion in stolen assets, an all-time high.

ESET, a leading company in proactive threat detection, reviews some of the major cases that occurred in 2025 and how seemingly simple vulnerabilities resulted in multimillion-dollar thefts that shook the cryptocurrency market.

This scenario of vulnerability contrasts sharply with the growing institutionalization of the sector, where cryptocurrency ETFs registered record inflows of $5.95 billion and corporate investors like Strategy (formerly MicroStrategy) announced new Bitcoin purchases. The market, however, exposed its security weaknesses. “The BBC noted that the $1.5 billion attack on the Bybit exchange, attributed to hackers linked to North Korea, was the largest in history, thus symbolizing this contradiction: even with regulatory and technical advances, known vulnerabilities continue to be exploited,” comments Camilo Gutiérrez Amaya, Head of the Research Lab at ESET Latin America.

2025 is shaping up to be a year of historic losses for the cryptocurrency market. According to CertiK, the industry lost nearly $2.5 billion to attacks and scams in the first six months of the year alone. Chainalysis, on the other hand, noted that the volume of stolen crypto assets in the same period surpassed the $2.17 billion mark recorded for all of 2024.

At this rate, according to ESET, losses could exceed $4 billion by the end of the year, making 2025 the year with the largest amount of stolen assets in cryptocurrency history.

Vulnerabilities that can lead to multimillion-dollar losses

ESET has analyzed the most significant incidents of the year, illustrating how vulnerabilities of different kinds can result in multimillion-dollar losses:

1. Attacks on exchanges and centralized platforms (CEXs): Among the most emblematic incidents is the attack on Bybit, which resulted in the theft of approximately $1.5 billion worth of Ethereum, the largest ever recorded in cryptocurrency history. In this case, the attackers didn’t directly breach the exchange’s servers, but rather compromised a third-party platform provider, changing the wallet address where the funds were transferred. ByBit thought it was transferring the funds to its own digital wallet, but it was sending everything to the hackers. The sophistication of the operation revealed how chains of trust and external integrations can become entry points for highly specialized criminals.
2. Exploits in DeFi protocols: The Balancer attack, which caused losses of over $100 million, highlighted one of the recurring weaknesses in the DeFi space: errors in the code. A bug in the smart contract allowed unauthorized withdrawals, exposing how small logical flaws can be exploited to compromise an entire protocol. The impact extended to derivative projects, such as Beets Finance, which also reported losses in the millions. These incidents reinforce the importance of continuous and independent audits, a challenge for protocols that prioritize innovation and speed of launch.
3. Phishing scams: While large platforms suffered coordinated attacks, individual users remained the preferred targets. Phishing scams, in which victims are tricked into voluntarily surrendering their credentials, resulted in $410 million in losses, according to Certik. Attacks targeting individuals are estimated to have accounted for 23.35 % of all stolen funds during the period, a sign that social engineering remains as effective as technical intrusions.
4. Historical attacks and bridge vulnerabilities: Although no major bridge-related incidents occurred in 2025, this type of attack remains one of the most destructive. The memory of the 2022 Ronin Bridge breach, in which $600 million was stolen, remains a constant warning. These failures show how the interconnectivity between networks, essential for the scalability of the crypto ecosystem, also expands the attack surface and can turn a single code error into a systemic collapse.

“Recent attacks reveal the increasing professionalization of cryptocurrency-related cybercrime. Even with the growing technical and regulatory maturity of the ecosystem, cybercriminals have shown they remain one step ahead in 2025, improving their methods, exploiting known vulnerabilities, and diversifying their targets. While the industry has matured in terms of regulation, transparency, and infrastructure, many attacks exploited human error, poorly managed integrations, and unaudited code—issues that innovation alone cannot eliminate,” notes Gutierrez Amaya.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela:  https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram @esetla) and Facebook (ESET).

With information and reference image provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Cybersecurity and cryptocurrencies: advances, risks, and lessons learned in 2025 apareció primero en Bitfinance.

The number of data breaches in 2024, investigated by Verizon, increased by 20 percentage points in the total number of incidents compared to the previous year. ESET, a leading company in proactive threat detection, asserts that prior preparation is significantly important for providing an effective incident response (IR).

Once threats infiltrate a network, time is of the essence, and stopping them before they cause harm is increasingly difficult. According to the latest research, in 2024, adversaries were 22 % faster than the previous year in progressing from initial access to lateral movement (also known as “time to escape”). The average penetration time was 48 minutes, although the fastest recorded attack was almost half that: just 27 minutes.

“A data breach doesn’t have to be as catastrophic as it seems for network defenders, as long as teams are able to respond quickly and decisively to intrusions. While every organization (and every incident) is different, if all members of the incident response team know exactly what they have to do, and nothing is left to chance or improvised, there’s a greater chance of a quick, successful, and low-cost resolution,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

Guide on how to act during the first 24 to 48 hours

ESET clarifies that no organization is 100% protected or breach-proof, and that if an incident occurs and unauthorized access is suspected, a methodical and rapid response is essential. To this end, a guide on how to act quickly and thoroughly during the first 24 to 48 hours, without compromising accuracy or evidence, is extremely useful:

1. Gather information and understand the scope: The first step is to understand exactly what happened, activate the pre-established incident response plan, and notify the team. This group should include stakeholders from across the company, including human resources, public relations and communications, the legal department, and executive management. They all have an important role to play after the incident.

Next, the scope of the attack is assessed: How did the attacker gain access to the company’s network? Which systems were compromised? What malicious actions have the attackers already taken?

It is essential to document each step and gather evidence, both to evaluate the impact of the attack and for the forensic investigation stage, and even for future legal proceedings. Maintaining the chain of custody ensures credibility should law enforcement or the courts need to intervene.

2. Notify third parties: Once it has been established what happened, it is necessary to inform the relevant authorities.

• Regulators: If personally identifiable information (PII) has been stolen, the appropriate authorities must be contacted under data protection or industry-specific laws. In the United States, for example, action must be taken in accordance with the SEC’s cybersecurity disclosure rules or state-level violation laws.

• Insurance companies: Most insurance policies stipulate that your insurance provider be informed as soon as a violation has occurred.
• Customers, partners, and employees: Transparency builds trust and helps prevent misinformation. It’s best to inform them before the information spreads through social media or news outlets.

• Law enforcement agencies: Reporting incidents, especially ransomware, can help identify larger campaigns or provide decryption tools and intelligence support.

• External experts: It may also be necessary to contact external legal and IT specialists.

3. Isolate and contain: While maintaining contact with relevant third parties, work quickly to prevent the attack from spreading. It is recommended to isolate affected systems from the internet without powering down devices, to limit the attacker’s reach without compromising potentially valuable evidence.

All backups should be taken offline and disconnected to prevent them from being hijacked or corrupted by ransomware. Disable all remote access, reset VPN credentials, and use security tools to block any incoming malicious traffic and command and control connections.

4. Remove and recover: A forensic analysis must be performed to understand the attacker’s tactics, techniques, and procedures (TTPs), from initial entry to lateral movement and (if applicable) encryption or data exfiltration. Any persistent malware, backdoors, fraudulent accounts, and other signs of danger must be removed. Recovery and restoration require removing malware and unauthorized accounts, verifying the integrity of critical systems and data, restoring clean backups (after confirming they are not compromised), and closely monitoring for signs of renewed compromise or persistence mechanisms.

This phase can be used to rebuild systems and strengthen privilege controls, implement stricter authentication, and reinforce network segmentation. Partners offering tools such as ESET Ransomware Remediation can accelerate the process.

5. Review and Improve: Once the immediate threat has passed, it’s time to review obligations to regulators, customers, and other stakeholders (e.g., partners and suppliers). It is necessary to update communications once the scope of the breach is understood, which could include filing a report with regulatory bodies. This initiative should be driven by legal and public relations advisors.

The post-incident review can be a catalyst for resilience. Once the situation has calmed, it is also a good idea to investigate what happened and what lessons can be learned to prevent a similar incident from occurring in the future. A useful step would be to introduce adjustments to the incident management plan or recommend new security controls and employee training.

A strong incident response culture treats each breach as a training exercise for the next, improving defenses and decision-making under stress

“It’s not always possible to prevent a breach, but it is possible to minimize the damage. If your organization doesn’t have the resources to monitor threats 24/7, consider hiring a managed detection and response (MDR) service from a trusted third party. Whatever happens, test your incident response plan, and then test it again. Because successful incident response isn’t just an IT issue. It requires a range of stakeholders from across the organization and external partners working together seamlessly. The kind of muscle memory everyone needs often takes a lot of practice to develop,” concludes Gutiérrez Amaya of ESET Latin America.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela at: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

With information and images provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Five key actions to take after discovering a cyberattack apareció primero en Bitfinance.

In July 2024, cybersecurity provider KnowBe4 began observing suspicious activity related to a new employee who started manipulating and transferring potentially harmful files and attempted to run unauthorized software. It was later discovered that he was a North Korean worker who had deceived the company’s human resources team to obtain a remote job. In total, he managed to pass four video conference interviews, as well as a pre-employment background check.

ESET, a leading company in proactive threat detection, analyzes and delves into this scam and warns that no organization is immune to the risk of inadvertently hiring a saboteur.

“Identity-based threats are not limited to password theft or account takeover, but extend to new hires. As AI becomes more adept at falsifying reality, it becomes essential to refine and optimize hiring processes” warns Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

This type of threat has been present since at least April 2017, according to an FBI alert and tracked as WageMole by ESET Research. According to Microsoft, the US government has discovered more than 300 companies—some of them Fortune 500—that have fallen victim to these types of attacks between 2020 and 2022. The tech giant was forced in June to suspend 3,000 Outlook and Hotmail accounts created by North Korean job applicants.

Furthermore, a US indictment accuses two North Koreans and three “facilitators” of obtaining more than $860,000 from 10 of the more than 60 companies where they worked. ESET’s research team warns that the focus has recently shifted to Europe, including France, Poland, and Ukraine. Google, for its part, has warned that British companies are also being targeted.

Identity theft scams

These scams are possible because fraudsters create or steal identities that match the location of the target organization and then open email accounts, social media profiles, and fake accounts on developer platforms like GitHub to add legitimacy. During the hiring process, they may use deepfake images and videos, or face-swapping and voice-changing software, to disguise their identity or create synthetic ones.

According to ESET researchers, the WageMole group is linked to another North Korean campaign they track as DeceptiveDevelopment. This campaign focuses on tricking Western developers into applying for nonexistent jobs. The scammers ask their victims to participate in a coding challenge or a pre-interview task. But the project they download to participate actually contains Trojanized code. WageMole steals these developer identities to use in their fake employee schemes.

The key to the scam lies with the foreign facilitators

• Creating accounts on freelance websites
• Opening bank accounts, or lending the North Korean worker their own
• Purchasing mobile phone numbers or SIM cards
• Validating the worker’s fraudulent identity during the employment verification process, using background check services. Once the fake worker is hired, these individuals receive the company laptop and install it on a laptop farm located in the hiring company’s country. The North Korean IT worker then uses VPNs, proxy services, remote monitoring and management (RMM), and/or virtual private servers (VPS) to conceal their true location.

“The impact on deceived organizations could be enormous. Not only are they unwittingly paying workers from a heavily sanctioned country, but these same employees often gain privileged access to critical systems. It’s an open invitation to steal confidential data or even demand a ransom from the company” emphasizes the ESET researcher.

In terms of detection and protection, ESET explains how to prevent an organization from becoming a victim

1. Identify fake employees during the hiring process:

• Check the candidate’s digital profile, including social media and other online accounts, for similarities with other people whose identities they may have stolen. They may also create multiple fake profiles to apply for jobs under different names.

• Pay attention to discrepancies between online activity and declared experience: a “senior developer” with generic code repositories or recently created accounts should raise red flags.
• Ensure they have a legitimate and unique phone number, and check that their resume is consistent. Verify that the companies mentioned actually exist. Contact references directly (phone/video call) and pay close attention to employees of staffing agencies.

Since many applicants may use fabricated audio, video, and images, insist on video interviews and conduct them multiple times during the hiring process.

During interviews, consider any claim that the camera is malfunctioning a major red flag. Ask the candidate to turn off background filters to increase the chances of identifying deepfakes (signs might include visual glitches, facial expressions that appear stiff and unnatural, and lip movements that are not synchronized with the audio). Ask questions based on the location and culture of where they “live” or “work,” for example, about local food or sports.

2. Monitor employees for potentially suspicious activity:

• Be on the lookout for red flags such as Chinese phone numbers, the immediate download of RMM software on a newly issued laptop, and work performed outside of normal office hours. If the laptop authenticates from Chinese or Russian IP addresses, this should also be investigated.
• Monitor employee behavior and system access patterns, such as unusual logins, large file transfers, or changes in work schedules. Focus on the context, not just the alerts: the difference between a mistake and malicious activity can lie in the intent.
• Use insider threat detection tools to identify anomalous activity.

3. Contain the threat:

• If a North Korean worker is believed to have been identified within the organization, proceed cautiously at first to avoid alerting them.
• Restrict their access to sensitive resources and review their network activity, limiting this task to a small group of trusted individuals from the IT security, human resources, and legal departments.

Preserve evidence and report the incident to law enforcement, while also seeking legal counsel for the company. “Furthermore, it’s a good idea to update cybersecurity training programs. And ensure that all employees, especially IT recruiters and HR staff, understand some of the warning signs to watch out for in the future. Threat actors’ tactics, techniques, and procedures (TTPs) are constantly evolving, so this advice will also need to be updated periodically. The best methods for preventing fake candidates from becoming malicious informants combine human expertise and technical controls. Make sure you cover all the bases,” suggests Gutiérrez Amaya of ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

With information and reference image provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada How to detect fake job applicants: corporate espionage with malicious informants apareció primero en Bitfinance.

October marks Cybersecurity Awareness Month, a global initiative to strengthen safe habits in the digital environment. In the Latin American region, cybersecurity risks are specific. According to the latest ESET Security Report 2025, 1 in 4 companies has already suffered a cyberattack in the last year. But it’s not just businesses that are vulnerable, as massive phishing campaigns seek to attract the public and simulate messages from postal companies with supposed delivery problems, or from government agencies communicating nonexistent fines, court summonses, among many other attempts to deceive and generate urgency so that action is taken under pressure.

In this context, ESET, a leading company in proactive threat detection, warns that any user of online services is a target of attack and comments that it is necessary to address some myths that persist about digital security and that can put both personal users and corporate systems at risk.

Security is not just about technology; it is also about process and governance

THE MYTHS:

1. I am not a target because I have nothing of value: It is common for people to believe that cyberattacks only target large companies or public figures. The reality is that any personal data is valuable to cybercriminals, from banking information to email or social media credentials. Digital scams reach millions of ordinary users, regardless of their online profile or relevance.

“Underestimating the risk creates a false sense of security and leads to risky behaviors, such as not enabling multi-factor authentication, using weak passwords, or clicking on suspicious links. These weaknesses are a unique opportunity for attacks that result in data theft, card cloning, account takeovers, or even digital extortion, targeting users who believe they are not targets,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

2.My antivirus protects me against everything: Antivirus is an important piece of defense, but it doesn’t cover all attack vectors. Social engineering, process failures, poor privilege management, supply chain attacks, and operational visibility gaps are all actions that antivirus alone cannot address.

An example of this occurred in Brazil. The C&M Software case exposed how procedural gaps, a lack of controls, and failures in third-party management allowed resources to be diverted and compromised the organization’s operational security. This demonstrated that security is not just about technology; it’s also about process and governance. Another critical point is that many attacks exploit leaked credentials, human weaknesses, or insecure authorization flows, scenarios in which an antivirus solution fails to prevent the initial intrusion or escalation of access. Therefore, the current defense strategy must be layered.

3. My password is secure, you can use it everywhere: Even if a password is secure, reusing it across multiple services poses a risk. In practice, criminals specialize in automated attacks, such as credential stuffing, where they use leaked email and password combinations to attempt to automatically access other accounts. If the password is the same, access is immediate and silent.

On the other hand, password reuse makes scams like phishing and account takeovers more effective, because cybercriminals can combine information from different services to trick users more convincingly. Even if a platform has strong protection, using the same password on a website with weak security replicates the risk.

“Relying exclusively on strong, unique passwords creates a false sense of security and leaves users vulnerable to hacking, identity theft, and financial fraud. Effective protection requires not only strong passwords, but also a combination of multi-factor authentication, monitoring for suspicious activity, and good credential management practices,” adds Gutiérrez Amaya of ESET.

4. My phone is safe, I only have to worry about my computer: Many people believe their smartphones or tablets are protected because they are smaller or more modern devices, and that cyberattacks don’t affect them. Mobile devices are frequent targets for sophisticated scams, and the risks increase as personal, financial, and professional information is concentrated on them. Effective mobile defense involves strong passwords, multi-factor authentication, being wary of suspicious apps and links, regular updates, and paying attention to unexpected phone calls.

In addition to phishing, vishing, and other social engineering cases, devices—both Android and Apple—are also targets for malware distribution, with fake apps and system vulnerability exploitation that can compromise the device even without direct user interaction. In fact, malicious apps have been identified in the past as remaining undetected in official Google stores for a considerable amount of time. Or, towards the end of 2023, an increase in Android lending apps was noted, which were nothing more than entry points for spyware.

5. Cybersecurity is the sole responsibility of the IT sector: Every user has an essential role in protecting data and systems. Anyone who adopts good practices contributes to strengthening the security of the entire organization or online community. Simple habits such as checking links before clicking, maintaining strong and unique passwords, enabling multi-factor authentication, and reporting suspicious activity create effective barriers that complement IT technologies and policies.

The more each person acts consciously, the more resilient the digital ecosystem will be

“When we all get involved, collective awareness becomes a powerful defense, capable of preventing scams, fraud, and invasions, protecting personal and corporate information, and the digital community as a whole. The more each person acts consciously, the more resilient the digital ecosystem will be. It’s important to remember that cybersecurity is everyone’s responsibility, and small habits make a big difference,” concludes the ESET Latin America researcher.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventive information, it is also available in Venezuela: https://www.eset.com/ve/, and on its social media @eset_ve. Also available on Instagram (@esetla) and Facebook (ESET).

With information and reference images provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Cybersecurity myths that can put you at risk: ESET analyzes 5 common ones apareció primero en Bitfinance.

The Discord messaging platform, used by more than 200 million people each month, confirmed last Friday that it was affected by a security incident in its customer support service, managed by a third party. The third-party provider suffered an extortion attack, similar to ransomware, in which attackers accessed sensitive data and demanded a ransom to retain the stolen information.  ESET, a leading company in proactive threat detection, is analyzing the incident, which affected users who had interacted with customer service and trusted and safety representatives.

Among the leaked and compromised data were identity documents, partial credit card details, and payment history.

According to the incident notification that Discord sent to affected users and made public on its website, the attackers did not access the most sensitive information, such as physical addresses, full credit or debit card details, or authentication data. “Nor did they access messages other than those exchanged with the customer support center,” they detailed.

While it is asserted that the cybercriminal group did not have direct access to the platform’s servers, ESET maintains that the case demonstrates how a service with high security standards can be weakened at one of the links in its supply chain.

Third-party services and their weaknesses, explains Jake Moore, ESET Global Security Advisor, “are more difficult to monitor and control, and they often store sensitive information, so they are becoming common targets for cybercriminals.”

A security incident reportedly occurred on September 20, which is still under investigation. Since October 3, the platform began notifying each affected party about the breach and has issued a statement alerting the community at large.

Data affected and/or compromised

According to the information published by Discord, the compromised data includes:

• Usernames, email addresses, and contact information.
• Payment information, such as the last four digits of card details and purchase history.
• IP addresses.
• Messages and attachments sent to customer service, or inquiries to members of the platform’s trust and safety department.
• Corporate information, such as training materials and internal presentations.

According to the same alert, the data accessed by cybercriminals includes “a small number” of identity documents, such as driver’s licenses or passports, which are often requested to verify a Discord member’s age. While the volume of these leaked documents is not detailed, the platform assures that the incident notification email specifies this information for each affected user. This means that if you receive an email notifying you of the data breach, it will clarify which data was compromised.

“The recommendation for any user of the platform who has been affected, or who uses Discord, is to pay special attention to any communication that appears to originate from Discord, as the possibility of data being used in targeted phishing campaigns is higher. Cybercriminals may not only leverage the leaked information, but also the news of the leak to use that excuse or bait to launch a specific campaign targeting users of the platform—even if they were not the targets of this latest leak,” warns Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

Regardless of whether you were notified or not, ESET assures that this is a good opportunity to review some recommendations that may be essential in the event of incidents like this:

• Check if you have two-step verification enabled on your account. This provides an additional layer of protection against login credentials leaks.
• Review payment transactions if you use Discord Nitro or other paid services.

Importance of strengthening the supply chain (be careful with suppliers)

At the time of this publication, and according to an article on the specialized website BleepingComputer, the Scattered Lapsus$ Hunters (SLH) ransomware group had initially claimed responsibility for the attack, although they later told that outlet that the attack was carried out by another group with ties to SLH.

“These types of incidents at third-party suppliers are a reminder of the importance of strengthening the supply chain. A robust cybersecurity policy must include and address all the links that make up the supplier network. It is also key for users to understand the importance of staying informed and alert to incidents that could compromise the security and privacy of their data, and to remember the basic measures they can take to address them, or at least be better prepared for these types of situations, which are becoming more frequent,” concludes Gutiérrez Amaya of ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventive information, it is also available in Venezuela: https://www.eset.com/ve/, and its social media channels @eset_ve. Also available on Instagram (@esetla) and Facebook (ESET).

With information and reference images provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Discord suffered data breach due to vendor attack: ESET analyzes it and comments apareció primero en Bitfinance.

Cybercriminals have found that using artificial intelligence allows them to enhance their scams, making their deceptions more realistic and harder to detect. Recently, fake videos have surfaced impersonating internationally renowned figures, such as Lionel Messi or the CEO of a major organization.  However, these scams also occur on a smaller scale, such as targeting a school principal in the United States. ESET, a leading proactive threat detection company, reviews some of the cases where deepfakes were the main tool used in scams that resulted in millions of dollars in losses or the compromise of sensitive information.

Deepfake is an artificial intelligence-based technique for synthesizing human images to create fake content from scratch, using existing videos or even just a still image. They are designed to replicate the appearance and voice of a real person.

“With the evolution of Artificial Intelligence, these videos and audio recordings seem increasingly real. Many exploit the image of public figures or well-known entities to say something false, as part of a scam that aims to obtain money or sensitive information,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

ESET compiled amazing, truly real, and recent cases

Lionel Messi: The Argentine football player is one of the most recognized personalities worldwide. In this case, cybercriminals exploited his popularity to carry out a deepfake scam, promoting an app that promised suspiciously high and irresistible earnings. The app in question was called “Wildcat Dive,” and in the fake video, Messi claimed it was one of his main sources of income and that it had helped many people earn money. Through advertisements on the social network Instagram, the cybercriminals distributed snippets of a fabricated interview, which was based on a real interview the footballer had given to a well-known Argentine streaming program.

Arup: In early 2024, the architectural firm that designed the Sydney Opera House and the Etihad Stadium, Arup, made headlines when a financial employee at the company’s Hong Kong office received a video call from (allegedly) the company’s CFO. The result of the meeting was 15 transfers totaling over $25 million. The bad news is that it was actually a deepfake, so the transfers had not been approved by anyone in the company.

Ferrari: In this case, cybercriminals attempted a deepfake voice scam, impersonating Benedetto Vigna, the CEO of the automotive company. In July 2024, using voice imitation, they tried to convince the company’s finance executives to make a large money transfer. One of the employees became suspicious and asked a question that the AI ​​used in the scam could not answer correctly. Not only did this attack fail, but it prompted Ferrari to reinforce its employee training to prevent similar scams in the future.

WPP: One of the world’s largest advertising companies was also the target of a scam attempt involving a deepfake. In mid-2024, cybercriminals used a fake WhatsApp account, a voice recording, and YouTube footage of a virtual meeting to impersonate the company’s CFO, Mark Read. The malicious actors organized a meeting via Microsoft Teams, under the pretext of creating a new company, and used this as a lure to obtain money and sensitive personal data from the company. According to WPP, this attack was unsuccessful thanks to the company’s vigilance and the training its employees received to detect these scams.

School in Baltimore: Not only high-profile companies are targeted by deepfakes. In this case, a school principal was heard making racist and antisemitic comments. The incident went viral (over 2 million views) and resulted in death threats against the educator. After an investigation, local police confirmed that the audio was a fake, manipulated with AI.

Elon Musk: A cryptocurrency investment scam used Elon Musk’s image to spread ads on X and YouTube, promoting supposed investment opportunities that promised high returns on Bitcoin. The ads included a link to a fraudulent website where unsuspecting users were asked to make initial deposits to participate in the alleged investment. According to the US Federal Trade Commission, the scam, which included deepfakes, resulted in losses of over $80 million for more than 7,000 victims who believed in the supposed investment.

President Zelensky: Politics was also affected by deepfake scams. In March 2022, during the conflict between Russia and Ukraine, a fake video circulated showing Ukrainian President Volodymyr Zelensky urging his troops to surrender. The president responded almost immediately with a genuine video posted on his official channels.

While deepfake scams are becoming increasingly realistic and difficult to detect, ESET shares some best practices to reduce the risk of falling victim to these types of scams

• Be wary of eye-catching advertisements that offer an opportunity for easy and unrealistic gains. Also be suspicious of those that feature well-known celebrities.
• Pay attention to the video quality: if there are visual glitches, poor synchronization, or low resolution, it is likely a deepfake.
• Use security software on all devices to help block fake websites and emails containing malicious content.
• For businesses, it is important to not authorize payments solely based on a phone call or video call. Consider using keywords or internal codes as an additional verification method.
• Continuous training is essential: being trained to recognize the warning signs of deepfakes and scams is another key practice.
• Take advantage of the tools currently available to detect deepfakes and combat misinformation.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For additional useful preventative information, visit ESET’s website in Venezuela: https://www.eset.com/ve/, and follow them on social media @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and images courtesy of ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada ESET reports and summarizes 7 shocking real-life cases of scams using deepfakes apareció primero en Bitfinance.

Faced with financial doubts and concerns, it’s no surprise that people are looking for alternatives to make their money go further. This leads users with little investment experience to become interested and take their first steps. ESET, a leading company in proactive threat detection, warns that scammers are taking advantage of this curiosity or need with increasingly sophisticated scams on social media. It also warns that AI-powered scams produce fake ads, deepfakes, and promises of profits that seek to deceive even the most cautious users.

“Could you distinguish between a real investment ad and a fake one? It’s becoming increasingly difficult to do so. Threat actors today have various tactics to make their scams more credible, including deepfake videos generated with artificial intelligence. While there are many tactics, techniques, and procedures (TTPs) associated with this type of fraud, most begin with malicious or deceptive ads circulating on social media. They are often used as a lure to trick the victim, either into providing personal information or directly directing them to an investment scam,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

According to the FBI, investment scams have been the main source of income for cybercriminals for several years. At last count, they earned nearly $6.6 billion, and that’s just from crimes reported to the federal government. This figure dwarfs the $2.8 billion earned by the second-largest scam, business email compromise (BEC).

An example of this type of campaign was identified in June 2025, when Instagram ads impersonated legitimate banks. Some used tempting offers, such as high-interest accounts, in an attempt to persuade the victim to click and enter their banking information. In other cases, they used deepfake Instagram stories featuring banking investment strategists to collect personal information and/or lure them into WhatsApp groups about investment scams. A 2024 campaign spread a fake video of Lionel Messi to promote supposed investments through an app that promised high returns.

Also in 2024, ESET observed the Nomani Trojan campaign. The ad content and the phishing websites they linked to were designed to impersonate local news outlets and other organizations. Or, it could be a generic financial-themed visual with frequently changing names like “Quantum Bumex, Immediate Mator, or Bitcoin Trader.” Some of the characteristics of the Nomani campaign (and other similar campaigns) include:

• Highly localized content to attract specific regional victims.
• Distribution via fake ads on Facebook, Instagram, X, YouTube, as well as Messenger and Threads.
• Deepfake video testimonials potentially using celebrities, often displayed in low-quality videos and with unnatural keyword repetition.
• Use of fake and hacked accounts to run the ads (including, in one case, an actor with 300,000 followers).
• Shared templates and callbacks pointing to the same hosting infrastructure.

In this campaign, according to ESET, the intended objective is to persuade the victim to provide their personal information, which the scammers use to contact them directly. They use this method to trick them into signing up for an investment scam, taking out a loan, or even installing remote access software on their device. ESET observed a 335% increase in Nomani threats between H1 and H2 2024, and blocked more than 8,500 related domains.

While these techniques seem like clear indicators of fraud, they can be much more difficult to detect, especially if you are looking for opportunities to alleviate financial pressures. ESET states that the continued effectiveness of these types of scams, such as fraudulent financial ads, is due to the following:

• Times are tough, and the prospect of quick and easy financial gain is attractive.
• Attention spans are decreasing, especially on mobile devices, so warning signs may not be detected in time.
• Many people are unfamiliar with the latest threat TTPs, such as the use of deepfake videos, which makes them more vulnerable.
• Many of these threats are localized, use legitimate (hijacked) accounts, and can appear at the top of search results.
• Banks’ traditional anti-fraud mechanisms often don’t work if the manipulation is also carried out socially via telephone to invest in a fraudulent scheme.

Investment scams are very common, and ESET points out that it’s necessary to pay attention to these warning signs

• Flashy ads (which may leverage legitimate brands) offering returns that are too good to be true or unusually high interest rates.
• Celebrity endorsements are often the hook to give the product a certain legitimacy. Always check if the endorsement is legitimate.
• Videos that don’t look entirely right, for example, with visual glitches, poor audio and video synchronization, low resolution, or robotic or overly polished voices.
• Pressure to act quickly and secure the investment.
• Guaranteed return on investment.

They also advise staying alert to warning signs, resisting the temptation to click on ads about finance or investments, even if they appear to be promoted by legitimate brands and individuals, searching online for reviews of a specific investment plan or group to verify their authenticity, not investing in financial products without having thoroughly researched them and understanding how they work, ignoring any unsolicited third-party offers, never sharing personal and/or financial information after clicking on an online ad, and always checking the information circulated with the supposedly issuing entity through official channels. Finally, use security software on all your devices from a trusted provider like ESET, which will help block scams.

“In times of economic uncertainty, it’s understandable that we look for alternatives to improve our financial situation. But scammers are exploiting this very need with increasingly sophisticated tactics. Therefore, being wary of what’s easy, recognizing the warning signs, and protecting your personal data is essential to avoid falling for this type of scam,” concludes the ESET researcher. ESET invites you to learn more about cybersecurity by visiting:  https://www.welivesecurity.com/es/.

For other useful preventive information, it is also available in Venezuela:  https://www.eset.com/ve/, and on its social media channels @eset_ve. Also, available on Instagram (@esetla) and Facebook (ESET).

Bitfinance.News

With information and reference image provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Investor scams on social media are on the rise with the help of artificial intelligence apareció primero en Bitfinance.

Credential stuffing is a type of cyberattack in which malicious actors use leaked usernames and passwords to log in to accounts and services other than the one that was leaked. The success of these attacks relies on the habit of reusing the same password for different accounts or services. Therefore, if a password is leaked, attackers only need to try it on other sites where the user already has an account, since if there is a match, they gain access without needing to breach the system. ESET, a leading company in proactive threat detection, analyzes what a credential stuffing attack looks like, why they’re so effective, what their consequences can be, and how to avoid them.

“Repeating passwords is like using the same key to open your house, car, office, and safe. Paying attention and managing passwords properly is as important as locking your front door. Simple habits can make a difference: avoiding password reuse, enabling two-factor authentication, and using a secure password manager are practices we need to incorporate to stay protected against this type of threat and many others,” says Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

The start of a credential stuffing attack is when a cybercriminal obtains leaked credentials. These are triggered by data breaches from important and well-known companies and organizations, and involve the exposure of millions of data points.

With this sensitive information available, and using bots or automated scripts, these passwords are tested on various sites, accounts, or services (such as Netflix, Gmail, banks, social networks, among others). Thousands of logins are tested per minute.

If a match is found, the accounts are logged in. This login would be identical to that of the legitimate user, making it difficult to detect, as there is no suspicious activity, such as repeated failed attempts.

To better understand the impact of these attacks, ESET reviews two specific cases that show how credential stuffing can compromise thousands of accounts

• PayPal case: Between December 6 and 8, 2022, PayPal suffered a credential stuffing attack that compromised nearly 35,000 accounts, exposing sensitive information such as names, addresses, dates of birth, and tax identification numbers.
• Snowflake: More than 165 organizations were affected when attackers accessed Snowflake utilizando credenciales robadas mediante malware tipo infostealer. Although Snowflake’s infrastructure was not directly compromised, attackers took advantage of the lack of multi-factor authentication and the use of old passwords.

“Large data breaches are the primary way cybercriminals obtain these credentials, and they are occurring more frequently than expected,” adds the ESET specialist.

In June 2025, another example was a series of databases totaling 16 billion records that were hosted in misconfigured repositories that were left exposed and public. Although the exposure was temporary, it was enough for researchers, or anyone else, to access the data, which included username and password combinations for online services such as Google, Facebook, Meta, Apple, and other accounts.

But it wasn’t the only one of the year: in May, security researcher Jeremiah Fowler revealed the public exposure of 184 million login credentials for users’ accounts around the world. This included information from various email server providers, Apple products, Google, Facebook, Instagram, Snapchat, and Roblox, to name just the most well-known. Not only that: the records included credentials from banks and other financial institutions, healthcare platforms, and government portals from several countries.

To avoid a credential stuffing attack, ESET recommends several actions

1. Essential: Do not reuse the same password across different accounts, platforms, and services.
2. Have strong, secure, and unique passwords for each account. For this purpose, a password manager is very useful. This tool is designed to store login credentials and protect them through encryption, and also includes a dedicated feature for generating complex and strong passwords.
3. Enable doble factor de autenticación on as many accounts and services as possible. This second factor is key if a password falls into the wrong hands, as a cyberattacker won’t be able to access the accounts without it.
4. Check if passwords or login credentials have already been leaked in a data breach, and change them immediately. For example, visit the website haveibeenpwned.com.

ESET invites you to learn more about computer security by visiting: https://www.welivesecurity.com/es/.

For other useful preventive information, it is also available in Venezuela: https://www.eset.com/ve/, and its social media channels @eset_ve. Also available on Instagram (@esetla) and Facebook (ESET).

With information and main image provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Credential stuffing: the risk of repeating passwords and how to protect yourself apareció primero en Bitfinance.

Apple’s control over its ecosystem of devices and apps has historically been strict. Additionally, several built-in security features, such as strong encryption and containerization, help prevent data leakage and limit the spread of malware. However, in addition to all this, ESET, a leading company in proactive threat detection, warns in this extensive analysis that risks are not completely eliminated, as everyday scams and other threats also bombard iOS users… and while some are more common than others, they all demand attention.

“The fact that iOS apps typically originate from Apple’s official App Store and must pass strict testing for approval has avoided security and privacy headaches over the years. However, the recent EU antitrust law, known as the Digital Markets Act (DMA), seeks to give iOS users the option of using third-party app marketplaces. This will present new challenges for Apple in protecting iOS users from potential harm and for those who use its products, as they will need to be more aware of threats. This change in the rules of the game will undoubtedly be exploited by cybercrime,” comments Camilo Gutiérrez Amaya, Head of the ESET Latin America IT Security Lab.

ESET has also studied and offers its opinion on other, possibly more immediate, threats targeting iOS users worldwide:

Jailbroken devices: Deliberately jailbreaking a device to allow what Apple calls “unauthorized modifications” could violate the Software License Agreement and disable some built-in security features, such as Secure Boot and Data Execution Prevention. The device will no longer receive automatic updates. And being able to download apps from outside the App Store exposes you to malicious and/or buggy software.

Malicious apps: While Apple does a good job of vetting apps, it isn’t 100 % accurate. Malicious apps recently detected on the App Store include: A fake version of the LastPass password manager designed to harvest credentials; a screenshot-reading malware dubbed “SparkCat,” disguised as artificial intelligence and food delivery apps; as well as a fake crypto wallet app called “Rabby Wallet & Crypto Solution.”

Downloading apps from websites: As detailed in the latest ESET Threat Report, progressive web apps (PWAs) allow direct installation without requiring users to grant explicit permissions, meaning downloads could go unnoticed. ESET discovered this technique used to disguise banking malware as legitimate mobile banking apps.

Phishing/Social Engineering: Phishing attacks via email, text (or iMessage), and even voice are common. They impersonate legitimate brands and trick users into providing their credentials, clicking on malicious links, or opening attachments to trigger malware downloads. Apple IDs are among the most valuable logins, as they can provide access to all data stored in an iCloud account and/or allow attackers to make iTunes/App Store purchases. ESET advises caution with:

• Fake pop-ups claiming the device has a security issue
• Fraudulent phone calls and FaceTime calls impersonating Apple Support or partner organizations
• Fake promotions offering freebies and sweepstakes
• Calendar invitation spam with phishing links

As an example, in a highly sophisticated campaign, threat actors and attack planners used social engineering techniques to trick users into downloading a mobile device management (MDM) profile that would allow them to control the victims’ devices. They then deployed the GoldPickaxe malware, designed to collect facial biometric data and use it to bypass banking logins.

Risks of public Wi-Fi networks: A public Wi-Fi hotspot can be a fake access point created by threat actors to monitor web traffic and steal sensitive information, such as banking passwords. Even if the access point is legitimate, many don’t encrypt data in transit, meaning hackers with the right tools could see the websites you visit and the credentials you enter. That’s why ESET recommends using a VPN, which creates an encrypted tunnel between your device and the internet.

Vulnerabilities: While Apple puts a lot of time and effort into ensuring its code is free of vulnerabilities, sometimes flaws occur in production. In these cases, hackers can take advantage if users haven’t updated their device, for example by sending malicious links in messages that trigger an exploit if clicked.

• Last year, Apple was forced to patch a vulnerability that could allow attackers to steal information from a locked device using Siri voice commands.
• Sometimes, threat actors and commercial companies themselves research new (zero-day) vulnerabilities to exploit. Although rare and highly targeted, attacks that exploit these vulnerabilities are often used to covertly install spyware to spy on victims’ devices.

Prevention and protection are necessary and wise

While malware lurks on iOS devices, it is also possible to minimize exposure to threats. ESET shares the following key tactics:

• Keep iOS and all apps updated. This will reduce the window of opportunity for threat actors to exploit any vulnerabilities in older versions to achieve their goals.
• Always use strong, unique passwords for all accounts, perhaps using the ESET Password Manager for iOS, and enable multi-factor authentication if offered. This is easy on iPhones, as it will require a simple Face ID scan. This will ensure that even if attackers obtain the passwords, they won’t be able to access the apps without scanning the user’s face.
• Enable Face ID or Touch ID to access the device, backed up with a strong password. This will keep the iPhone secure in case of loss or theft.
• Do not jailbreak the device, for the reasons mentioned above. Your iPhone would be less secure.
• Be wary of phishing. This means treating unsolicited calls, texts, emails, and social media messages with extreme caution. Do not click on links or open attachments. If you really need to do so, verify separately with the sender that the message is legitimate (i.e., not responding to the information contained in the message). Look for signs of social engineering, such as grammatical and spelling errors, an urgency to act, gifts and offers that are too good to be true, or domains (from the sender) that don’t match the supposed sender.
• Avoid public Wi-Fi networks. If you must use them, do so with a VPN. At the very least, don’t log into any valuable accounts or enter sensitive information on public Wi-Fi.
• Try to limit any downloads to the App Store to minimize the risk of downloading something malicious or risky.
• If you think you might be a target of spyware (often used against journalists, activists, and dissidents), activate blocking mode.
• Pay attention to the telltale signs of a malware infection, which could include slow performance, unwanted ad pop-ups, an overheating device, new apps appearing on the home screen, or increased data usage.

“While the Apple iPhone remains one of the most secure devices available, this doesn’t mean it’s free from threats. Staying alert, knowing the potential risks, and taking the necessary protective measures help keep your information and devices safe,” concludes Gutiérrez Amaya of ESET Latin America.

For more preventive information on cybersecurity, you can visit the ESET website: https://www.eset.com/ve/ and its social media channels @eset_ve. Also visit Instagram (@esetla) and Facebook (ESET). Or visit https://www.eset.com/latam.

With information and reference image provided by ESET and Comstat Rowland.

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada How secure is your iPhone?: ESET analyzes, explains, and makes recommendations apareció primero en Bitfinance.

It’s no surprise that Artificial Intelligence has revolutionized the world, and that cybercriminals have taken advantage of all this potential to create highly realistic and sophisticated targeted social engineering attacks. Techniques involving voice cloning to impersonate family members, friends, or acquaintances are on the rise, with the aim of obtaining private information or even money from their victims. ESET, a leading company in proactive threat detection, analyzes the methodology used by attackers in these types of scams, how they can affect people, and how we should avoid becoming victims.

Cybercriminals take small fragments of a real recording and, using Artificial Intelligence (AI) and voice patterns, create conversations and phrases to carry out their deceptions, with consequences that are as serious as they are costly. These samples are obtained from voice recordings or videos posted on social media platforms like Instagram or TikTok.

To measure the impact, the United States Federal Trade Commission reported that in 2023, the United States lost $2.7 billion due to scams alone. Along these lines, Starling Bank (a British online bank) warned about the prevalence of these types of scams in the United Kingdom. The survey of more than 3,000 people revealed that more than a quarter of adults say they have been the victim of an AI voice cloning scam at least once a year. Furthermore, 46 % of respondents stated they were unaware such scams existed.

The growing number of scams involving Artificial Intelligence led the FBI to issue a statement warning people: “Attackers are leveraging AI to create highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and the compromise of sensitive data,” the US investigative agency noted.

ESET recommendations

ESET warns that when faced with these types of scams involving social engineering, the first advice is to remain highly alert. This means paying special attention to unexpected messages that urgently request money or account credentials. Similarly, call back a family member or friend using a known phone number.

Another measure suggested by the ESET research team is to have a “safe phrase,” agreed upon in advance by family and friends, to verify whether the person on the other end of the line is who they claim to be.

It’s also very important to implement multifactor authentication whenever possible. It’s about adding an extra layer of security to prevent cybercriminals from accessing our accounts and systems.

“For companies, beyond combining solutions to reduce the number of phishing emails, calls, and messages that reach their employees, it’s essential to educate and raise awareness among their teams so they can detect scams and avoid falling into the trap,” commented Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

Contact information for ESET, a digital and IT security specialist and source of this information and recommendations: https://www.eset.com/ve/.

Also available on social media: Instagram (@esetla) and Facebook: (ESET).

With information and reference images provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Scams leveraging voice cloning with Artificial Intelligence are on the rise apareció primero en Bitfinance.