{“lastseen”:”2026-05-07T16:05:07″,”description”:”Researchers tracked a large AI\u2011themed investment scam campaign involving more than 15,000 domains. It uses cloaking and deepfakes to hide from security tools while targeting ordinary users.\\n\\nCriminals abused the Keitaro ad-tracking platform as part of a cloaking system so real victims see scam content, while security scanners, ad reviewers, and some random visitors see harmless pages, making the operation hard to detect and shut down.\\n\\nKeitaro is a commercial tracking platform originally meant for digital marketers to manage ad campaigns, test which ads work best, and route visitors to different landing pages.\\n\\nBecause it is feature rich, easy to spin up on regular hosting, and built to filter and route traffic, criminals found they can abuse those capabilities to run scams at scale.\\n\\nTraffic starts in many places. The scammers used compromised websites, spam emails, social media posts, and online ads, all quietly routing through the same tracking infrastructure.\\n\\nThe scam sites typically promise \u201cSmart AI Trading Technology\u201d or \u201cIntelligent Trading Solutions\u201d and claim consistently high returns, often reinforced with deepfake images or fabricated media to look more credible.\\n\\nSome parts of the campaign now use deepfake videos and fake interviews with well-known public figures, making it look like a celebrity, or finance expert personally endorses the platform.\\n\\nOnce you follow a link, the cloaking part of the operation kicks in. Cloaking is the trick that makes these scams so hard to see from the outside.\\n\\nWhen you click an ad or link, your visit passes through a traffic distribution system (TDS), a kind of router for web visitors that decides which page you see. In these cases, the TDS is connected to the tracker.\\n\\nThe system checks things like:\\n\\n * Your country\/region\\n * Your device and browser\\n * Where you came from (Facebook ad, Google ad, email link, etc.)\\n * Sometimes your IP address reputation or other subtle fingerprints\\n\\n\\n\\nYou’re shown the real investment scam landing page only if you match the \u201cideal victim\u201d profile (for example, a regular consumer in a target country coming from a social media ad).\\n\\nEveryone else, like a security researcher, ad platform reviewer, or automated scanner, gets shown a benign page, like a generic blog or placeholder site.\\n\\n## How to stay safe\\n\\nThe best way to stay safe is to stay informed about the tricks scammers use. Learn to spot the red flags that almost always give away scams and phishing emails, and remember:\\n\\n * There is no such thing as a risk-free, consistently profitable investment. If you’re looking to invest, navigate directly to known, regulated financial institutions.\\n * Deepfakes are very convincing nowadays, so you will hardly be able to tell the difference between the real celebrity and their deepfake persona.\\n * Don’t act upon unsolicited investment advice, whether it reaches you by email, social media, or sponsored search results.\\n * Use an up-to-date, real-time anti-malware solution with a web protection component or a reputable tracking and ad-blocker.\\n * Don\u2019t act on impulse or under time pressure. Always properly research where your money will be going.\\n\\n\\n\\nPro tip: Malwarebytes Scam Guard can help you recognize and analyze scams.\\n\\n* * *\\n\\n**Stop threats before they can do any harm.**\\n\\nMalwarebytes Browser Guard blocks phishing pages and malicious sites automatically. Free, one click to install. Add it to your browser \u2192”,”published”:”2026-05-07T14:37:50″,”modified”:”2026-05-07T14:37:50″,”type”:”malwarebytes”,”title”:”Massive AI investment scam network spans 15,500 domains”,”source”:””,”references”:””,”id”:”MALWAREBYTES:464027414A683683CCC98F7C3571E167″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/05\/massive-ai-investment-scam-network-spans-15500-domains”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-07T16:05:07″,”description”:”Researchers tracked a large AI\u2011themed investment scam campaign involving more than 15,000 domains. It uses cloaking and deepfakes to hide from security tools while targeting…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-52137","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n