Gen Reports 614% Rise in Command Prompt Manipulation Scams

Gen research identified a significant increase in attacks where cybercriminals exploit human behaviour
Cybersecurity firm Gen’s Q3 report reveals surge in social engineering attacks where users unwittingly install malware through fake software tutorials

Social engineering attacks targeting technology users have reached record levels in 2024, as cybercriminals shift their focus from technical exploits to psychological manipulation. These attacks, which exploit users’ willingness to follow online instructions and tutorials, reflect a shift in the cybersecurity landscape, where attackers increasingly target human behaviour rather than technical vulnerabilities. 

This approach is proving effective as users seek online solutions for software and technical problems and often encounter malicious content disguised as legitimate help. Gen, the cybersecurity company behind Norton and Avast antivirus software, has documented a significant increase in attacks where cybercriminals exploit users’ technical problem-solving instincts to compromise their systems.

Norton Genie data shows evolution of social engineering

The company's Q3 2024 threat report identifies a 614% increase in what it terms ‘scam-yourself attacks’, where users are manipulated into entering malicious code into their command prompts – a text-based interface used to execute commands on a computer system.

“In July through September, scams continued to dominate the threat landscape, while data-theft abusing malware and ransomware also increased rapidly,” says Siggi Stefnisson, Cyber Safety CTO at Gen.

These attacks frequently manifest through YouTube tutorials that promise free versions of paid software, fake technical support guides that prompt users to input harmful commands, and fraudulent CAPTCHA verification systems – the verification boxes that ask users to identify images or text to prove they are human.

The fraudulent tutorials often include fake software update notifications that guide users to paste malicious scripts into their systems, granting attackers administrative privileges.

Gen, which owns consumer cybersecurity brands including Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner, serves nearly 500 million users across 150 countries.

Lumma Stealer leads surge in information theft

The report identifies a 39% increase in data-stealing malware, with one variant called Lumma Stealer – software designed to harvest sensitive information including passwords and cryptocurrency wallet data – showing a 1,154% increase in deployment.

Key facts
  • 614% rise in "scam-yourself attacks" in Q3 2024
  • 1,154% increase in Lumma Stealer malware deployment
  • 166% growth in mobile spyware targeting screen activity

Gen’s research found that ransomware attacks have doubled their risk ratio – a metric measuring potential impact per user. The Magniber strain emerged as the primary ransomware threat, with systems running Windows 7 proving particularly vulnerable.

Gen researchers are working with governments globally to combat ransomware by providing free decryption tools for victims – with the company recently releasing a ransomware decrypting tool for Avast Mallox.

Mobile threats target financial services

On mobile devices, spyware capable of recording screen activity increased by 166%. A new strain called NGate emerged, which clones contactless payment data from bank cards to facilitate unauthorised ATM withdrawals.

Banking malware, which targets banking credentials, rose by 60% quarter-over-quarter. The Rocinante malware family led this trend, accompanied by new variants TrickMo and Octo2.

The report identifies malicious SMS messages as a common delivery method for mobile threats. Avast continues to enhance its mobile-specific defences as consumers increase their reliance on mobile devices for financial transactions.

AI-enhanced defences combat sophisticated threats

Gen reports that cybercriminals are increasingly using AI to enhance social engineering campaigns, including the creation of deepfake content and personalised phishing messages.

Norton’s AI-powered scam detection data reveals that SMS-based phishing attempts, known as smishing, represent 16.5% of detected scams. These messages impersonate banks, delivery services and government agencies. Lottery scams account for 12% of detected threats, while package delivery scams comprise 9.6%. Fake invoices represent 7.7% of detected scams.

The company's Norton Genie App uses AI to provide real-time threat detection against AI-enhanced deception attempts. This telemetry data enables Gen to refine its protection systems.

“Our consistent focus is to empower people with the tools they need, such as the Norton Genie scam detector, so they can protect their digital lives as threats evolve,” says Stefnisson.

