Hackers have increasingly turned to multimedia attachments in recent years, including images and videos, to deliver malware and execute sophisticated scams.
This trend has evolved significantly, with attackers now using video attachments in multimedia messages (MMS) to promote Bitcoin scams, marking a shift from static images.
In a concerning development reported by Proofpoint security researchers, cybercriminals have evolved their tactics from traditional image-based Bitcoin scams to more sophisticated video-based attacks, dubbed “VidSpam.”
While researchers noted that this new threat vector specifically targets mobile users through multimedia messages (MMS), it’s sharp shift in malware delivery methods.
Evolution of Scams
Image-Based Scams: Initially, hackers used eye-catching images to lure victims into fraudulent schemes promising extraordinary financial returns.
These scams often featured images of successful-looking individuals, fake awards, and promises of daily profits.
The goal was to convince recipients to part with their money by clicking on embedded links or joining investment groups.
.webp)
Video-Based Scams (VidSpam): A new and troubling trend is emerging: video-based abuse, or VidSpam. Attackers are now leveraging small video file attachments to enhance their deception tactics.
These videos are typically lightweight, with sizes as small as 14KB, making them easily accessible on devices with limited storage and slower networks.
Technical details of VidSpam:-
- File Format: The videos are often in the .3gp format, which is ideal for small file sizes and efficient streaming on mobile devices.
- Content: The videos may display static images rather than moving content, aiming to add credibility rather than visually entice users.
- Purpose: The primary goal is to increase the likelihood that recipients engage with embedded content or respond to messages.
.webp)
Scams typically begin with an initial contact where recipients receive a video message containing a link inviting them to join a WhatsApp group.
Once in the group, scammers use high-pressure tactics to extract money or personal information. They may also employ AI-generated multimedia to make their scams more convincing.
To stay protected, always avoid unknown sources by never clicking on links or downloading attachments from unfamiliar senders, report suspicious messages using built-in reporting features on iOS and Android devices, and stay informed about emerging threats while collaborating across the industry to combat evolving scams.
The use of image and video attachments by hackers to deliver malware and execute scams is a growing concern. By understanding the technical details behind these tactics and adopting best practices, individuals can better protect themselves in the digital landscape.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
