In a series of Threads posts this afternoon, Instagram head Adam Mosseri says users shouldn’t trust images they see online because AI is “clearly producing” content that’s easily mistaken for reality. Because of that, he says users should consider the source, and social platforms should help with that.

“Our role as internet platforms is to label content generated as AI as best we can,” Mosseri writes, but he admits “some content” will be missed by those labels. Because of that, platforms “must also provide context about who is sharing” so users can decide how much to trust their content.

Just as it’s good to remember that chatbots will confidently lie to you before you trust an AI-powered search engine, checking whether posted claims or images come from a reputable account can help you consider their veracity. At the moment, Meta’s platforms don’t offer much of the sort of context Mosseri posted about today, although the company recently hinted at big coming changes to its content rules.

What Mosseri describes sounds closer to user-led moderation like Community Notes on X and YouTube or Bluesky’s custom moderation filters. Whether Meta plans to introduce anything like those isn’t known, but then again, it has been known to take pages from Bluesky’s book.

Artificial intelligence (AI) is making life easier not just for us but also for cybercriminals. 

It is enabling them to create elaborate campaigns to deceive people, efforts that would otherwise take months. Security researchers have discovered a new info stealer malware that masquerades as video-calling software. Hackers have built a whole website and set up companies using AI to make the malware appear harmless. 

They have even created social media accounts to add an extra layer of legitimacy. People are tricked into installing malicious video-calling software, and once they do, it steals their personal data and cryptocurrency.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know about the malware

Cado Security Labs has uncovered a new, sophisticated scam targeting people. The scam involves a crypto stealer called Realst, which has versions for both macOS and Windows and has been active for about four months. 

The hackers behind this malware have gone all out, setting up fake company websites complete with AI-generated blogs, product content and social media accounts on platforms like Twitter and Medium. The company they’re pretending to be is called “Meetio,” though they’ve used different names in the past few months, including Clusee, Cuesee, Meeten and Meetone.

The scam works in a few different ways. Often, users are contacted on Telegram by someone pretending to be a friend or acquaintance. The scammers pitch a business opportunity and ask to schedule a call. In one case, the scammer even sent an investment presentation from the target’s own company, making the scam feel more real and personal. Other victims report being on Web3-related calls, downloading the software and having their cryptocurrency stolen.

Once the scammer makes contact, the target is usually directed to the Meeten website to download the malicious software. But even before the malware is installed, the website has JavaScript that can steal cryptocurrency stored in web browsers. It’s a multi-step scam that’s designed to trick you.

A woman working on several computers     (Kurt “CyberGuy” Knutsson)

4.3 MILLION AMERICANS EXPOSED IN MASSIVE HEALTH SAVINGS ACCOUNT DATA BREACH

How the malware works

Once victims are sent to the “Meeten” website, they’re given the option to download the software. The file they download contains a program called “fastquery,” though other versions of the malware come as a different file type (DMG) with a multi-architecture setup.

When the victim opens the program, two error messages pop up. The first one says, “Cannot connect to the server. Please reinstall or use a VPN,” and has a “continue” button. The malware also uses a macOS tool to ask the user for a password, a common trick in macOS malware.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The malware then looks through various files on the victim’s computer to find sensitive information, such as passwords and account details. It creates a folder to store this stolen data, then compresses it into a zip file. This zip file, along with some system data, is sent to a remote server. The server receives information like the system’s build version, along with the stolen data.

Once the data is sent, the malware deletes any temporary files it created. The stealer is capable of grabbing sensitive information like Telegram credentials, banking card details and data from web browsers (like Google Chrome, Opera, Brave, Microsoft Edge, Arc, CocCoc and Vivaldi). It can steal things like saved passwords, cookies and browsing history.

A woman working on her laptop     (Kurt “CyberGuy” Knutsson)

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

6 ways you can stay safe from sneaky macOS malware

1. Verify sources before downloading software: Always ensure that you are downloading software from legitimate, trusted sources. Be cautious of downloading anything from links sent via unsolicited messages or emails, especially if they involve urgent requests or business opportunities.

The best way to safeguard yourself against malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my top picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Be cautious of unexpected contact: If you receive messages from unfamiliar contacts on platforms like Telegram or social media, especially those asking you to schedule calls or discuss business opportunities, verify the identity of the sender before taking any action. Cybercriminals often pose as friends or colleagues to gain trust.

3. Enable two-factor authentication (2FA): Use 2FA on your accounts, particularly for sensitive services like cryptocurrency wallets, banking and messaging apps. This adds an extra layer of protection in case your credentials are compromised.

4. Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords for different sites or services. A password manager can be incredibly helpful here. It generates and stores complex passwords for you, making them difficult for hackers to crack.

It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed Password Managers of 2024 here.

5. Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS and your apps to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.

6. Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach and cuts down on the chances that potential attackers will find you or contact you in the first place. Check out my top picks for data removal services here. 

Kurt’s key takeaway

AI is enabling scammers to launch malicious campaigns at a scale we’ve never seen before, and it’s likely to get worse as AI models continue to improve. This makes it crucial to have tools that can detect AI-generated content, helping people better protect themselves against these scams. In the meantime, rely on your common sense, watch out for red flags and only install software from reputable platforms. For video calls, stick to well-known and trusted platforms like Zoom, FaceTime, Google Meet and Webex. If someone sends you a random video call link, politely ask them to schedule the call using one of these trusted platforms instead.

Should companies be doing more to help users detect and protect themselves from AI-powered scams? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com.  All rights reserved.

Apple hopes to release a foldable 18.8-inch creaseless iPad by about 2028, Bloomberg’s Mark Gurman writes in today’s Power On newsletter. The company’s industrial design group has reportedly managed to create prototypes of this device that “have a nearly invisible crease” and would essentially be like “two iPad Pros side-by-side.”

Rumors of a folding iPad have been floating in the ether for years, now. Recent ones include a smaller model that Apple would release in 2026 or 2027. Gurman’s write-up today has strong echoes of the gargantuan 20-inch folding “iPad / MacBook hybrid” he detailed in 2022. That doesn’t seem to mean that it will run macOS, but Gurman claims that it “will have elements of both” Macs and iPads and that iPadOS “should be advanced enough to run macOS apps” by 2028.

Considering that Macs run iPhone and iPad apps now, it’s not outrageous to think the street could go both ways in time. It might help the value proposition, too; the 13-inch iPad Pro starts at $1,299, and whatever financial damage an iPad twice that size could incur would be a little easier to take coupled with the salve of being able to run macOS apps on it.

Gurman says a foldable iPhone is still in the works, though he doesn’t expect that “before 2026 at the earliest,” as other rumors have said. He also says information from his sources lines up with an alleged Apple internal display roadmap that made the rounds recently, tipping the 18.8-inch foldable iPad and Apple’s plans to release OLED MacBook Pros in 2026, followed by a MacBook Air OLED update in 2027.