Massive AI investment scam network spans 15,500 domains

Researchers tracked a large AI‑themed investment scam campaign involving more than 15,000 domains. It uses cloaking and deepfakes to hide from security tools while targeting ordinary users.

Criminals abused the Keitaro ad-tracking platform as part of a cloaking system so real victims see scam content, while security scanners, ad reviewers, and some random visitors see harmless pages, making the operation hard to detect and shut down.

Keitaro is a commercial tracking platform originally meant for digital marketers to manage ad campaigns, test which ads work best, and route visitors to different landing pages.

Because it is feature rich, easy to spin up on regular hosting, and built to filter and route traffic, criminals found they can abuse those capabilities to run scams at scale.

Traffic starts in many places. The scammers used compromised websites, spam emails, social media posts, and online ads, all quietly routing through the same tracking infrastructure.

Massive AI investment scam network spans 15,500 domains

Other newsrooms on this story

Related reading

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

A Pro-Russia Disinformation Campaign Is Using Free AI Tools to Fuel a ‘Content…

Deepfake fraud taking place on an industrial scale, study finds

So Many People Are Falling For ‘Domain Spoofing.’ Here’s What It Is — And How…

Most phishing now uses AI, says KnowBe4

A Dark-Money Campaign Is Paying Influencers to Frame Chinese AI as a Threat