Cybercriminals are turning to AI to power their investment scams while hijacking a legitimate advertising platform to hide their operations.
The California-based cybersecurity firm Infoblox says in a new report that over six months, it kept an eye on how cybercriminals used Keitaro, a legitimate advertising performance-tracking platform.
According to Infoblox, it is well-known that thieves are abusing Keitaro to hide the true nature of malicious websites from content moderators, advertisers and security researchers while precisely targeting potential victims.
“We examined four months of data starting October 1, 2025, to determine how much of that use was malicious. During this time, we detected thousands of instances of malicious Keitaro cloaking content ranging from investment scams to information stealers.
Traffic to the instances was driven from compromised websites, spam, social media, and advertising. The level and persistence of abuse is quite staggering. Keitaro is a feature-rich, self-hosted tracker that can be spun up in a few minutes on multiple hosting platforms, likely making it attractive to use. We found approximately 15,500 domains actively used for malicious Keitaro instances during this time, with about 9,000 of those registered before their use.”
Infoblox also finds that scammers are using AI in two distinct and sophisticated ways.
“A recent trend in this type of scam is the use of AI as a central marketing hook — pages routinely claim ‘advanced AI’ or ‘AI-driven algorithms’ that automate trading and promise outsized returns. Several actors also incorporate deepfake imagery or video to boost perceived credibility. We additionally observed indicators of programmatic use of generative AI to mass-produce headlines, copy, and visuals that are deployed as lure pages and ad creatives.”
According to Infoblox’s data, the campaigns are mostly global, but there are “notable threat actors” who specifically target victims in the United States. Infoblox also warns that AI has now become a force multiplier for scammers, while Keitaro serves as the enabler.
“Investment scams were the most common attack category, and the most compelling subset within that was AI-driven scams. By combining an older but still highly effective investment fraud theme with modern AI technologies, actors have been able to launch large‑scale, highly convincing cyber campaigns.”
Disclaimer: Opinions expressed at CapitalAI Daily are not investment advice. Investors should do their own due diligence before making any decisions involving securities, cryptocurrencies, or digital assets. Your transfers and trades are at your own risk, and any losses you may incur are your responsibility. CapitalAI Daily does not recommend the buying or selling of any assets, nor is CapitalAI Daily an investment advisor. See our Editorial Standards and Terms of Use.