CloudSEK, a prominent cybersecurity firm, has recently uncovered a sophisticated scam involving deepfake videos that exploit the likeness of famous personalities to promote fraudulent mobile gaming apps.
Using cutting-edge artificial intelligence (AI), the company has developed a new deep fake detection tool to identify and combat scams targeting users in multiple countries.
Deepfake scam explodes
CloudSEK’s investigation revealed that scammers create fake videos featuring well-known celebrities endorsing a mobile gaming app called Aviator.
Personalities such as Indian business tycoon Mukesh Ambani, cricket star Virat Kohli, Olympic athlete Neeraj Chopra, and international figures like Cristiano Ronaldo, Ryan Reynolds (as Deadpool), and YouTube sensation Mr. Beast are falsely portrayed promoting the app.
These videos claim users can make substantial financial gains with minimal investment by playing the game, enticing users into downloading the app. For instance, a deepfake video shows Mr. Beast in a fictitious advertisement aimed at the African market, encouraging users to invest small amounts, like 1,000 Kenyan shillings, to earn large sums through the game potentially.
Virat Kohli has been one of the most frequently targeted celebrities for these deepfake campaigns in South Asia, with videos falsely promoting the app to unsuspecting audiences.
Using deep fake news anchors and journalists
The scammers have also manipulated respected news anchors and channels to lend credibility to the fraudulent scheme. Fake news broadcasts from trusted platforms like Aaj Tak, Republic TV, Zee News, and ARY News create the illusion of legitimacy, fooling viewers into believing that the mobile app is a genuine opportunity to earn money.
What began as a scam targeting the European Union in early September 2024 has expanded across multiple regions, including India, Pakistan, Nigeria, Bangladesh, Saudi Arabia, and Southeast Asia.
Interestingly, despite the initial targeting, no deepfake scams were detected in the EU during CloudSEK’s investigation.
Phishing tactics and fake Google Play Store links
One of the most deceptive aspects of the scam is the use of phishing links that mimic the Google Play Store. Users are tricked into believing they are downloading the app from a legitimate source, only to be redirected to fraudulent phishing pages. Domains like “avatarsky[.]one” are used to impersonate the Play Store, and fake apps install malicious software on victims’ devices, displaying real-time statistics and offering payment options through UPI and cryptocurrency to lure users further into the trap.
CloudSEK’s research found that over 1,000 phishing domains are registered daily, predominantly using the .top domain and originating from Belize. These domains are hosted by an ISP known as IQWeb FZ-LLC, and the scammers offer various payment methods, including bank transfers and cryptocurrency transactions in Bitcoin, Monero, Ethereum, and others.
Deepfake detection tools to the rescue
At the heart of CloudSEK’s efforts to combat this scam is its new free-to-use deep fake detection tool. This tool has been crucial in identifying how cybercriminals use deep, phony technology to exploit high-profile individuals and deceive users worldwide. CloudSEK’s AI-driven tool offers a robust defense against the rise of deep fake scams, empowering users to detect fraudulent content before they fall victim.
With cybercriminals continually evolving their methods, CloudSEK’s deep fake detection technology represents a significant step forward in tackling the growing threat of deep fake scams and protecting users from falling prey to these highly sophisticated traps.
