Johannesburg, 18 Aug 2025
As AI accelerates both innovation and risk, Gen Digital’s Q2 2025 Threat Report delivers a clear message: cyber criminals are using technology smarter – and more personally – than ever before. The findings span AI‑powered ransomware, pharmaceutical fraud, social media scams and a surge in remote access attacks. Let’s unpack the most urgent threats facing consumers and organisations today.
1. PharmaFraud: Fakes masquerading as medicine
Gen uncovered more than 5 000 fake pharmacy domains promoting high-demand medications – from antibiotics to weight-loss drugs and sexual health treatments. Branded as PharmaFraud, these scams are sophisticated operations using polished websites, AI-generated review content, malicious code injection and search manipulation to appear legitimate.
In Q2, Gen blocked 1 million attacks tied to these domains – exposing a global fraud scheme built to harvest financial and personal data under the guise of discounted prescriptions.
2. AI‑powered ransomware: The FunkSec Case
The report details the takedown of FunkSec, the first ransomware strain partially developed with generative AI. Despite its ability to encrypt data and extort users, Gen researchers uncovered a cryptographic weakness – one that enabled victims to recover their files without paying ransom. A free decryptor was released via Avast, and FunkSec has since gone silent.
This case marks a milestone: even AI‑enhanced malware can carry exploitable flaws, which diligent analysis can uncover.
3. Surge in financial and sextortion scams
From April to June 2025, financial scams surged 340%, many traced to fake ads and pages on Facebook using deepfake videos and chatbot forms to coax people into revealing sensitive information under the pretext of legal or investment help.
Meanwhile, sextortion scams doubled, rivalling phishing in their growth and psychological impact. These scams increasingly targeted mobile users, using urgency and manipulative scripts to extract compliance.
4. Technical support scams via Facebook
Technical support scams (TSS) rose nearly 65% globally, with 14% of blocked threats linked to Facebook. Fake Messenger-style pop-ups locked browsers, displaying urgent messages prompting users to call fake support lines. The reach and credibility of Facebook’s ad network made it fertile ground for fraud.
5. The broader threat landscape
Key metrics from the report include:
A 21% increase in data breach events, with breached e-mail counts up 16%.
A 317% spike in malicious push notifications disguised as system alerts.
A 62% rise in remote access attacks, led by Wincir RAT and misuse of cloud services like OneDrive.
Persistence of the Lumma Stealer, which resurfaced after takedown attempts, using new infrastructure for data exfiltration.
Collectively, these figures reflect an increasingly automated, AI‑powered and socially engineered cyber crime ecosystem.
Why the Q2 report matters
A. Personalisation enables persuasion
Threat actors now tailor scams using AI-generated content (health blogs, influencer endorsements, fabricated reviews), creating a veneer of credibility that lures victims into trusting and engaging.
B. AI accelerates scale – but leaves flaws
The FunkSec example demonstrates that AI can speed up malware development – but also generate errors that defenders can exploit. Continuous research and collaboration remain essential.
C. Social platforms amplify threat spread
Platforms like Facebook and YouTube are weaponised to launch fraud at scale. Fake profiles, malvertising, deepfakes and AI personas blur the lines – and amplify reach.
How to stay protected
Question “too good to be true” offers online: Low-cost prescription drugs via unfamiliar pharmacies are often scams. Look for secure checkout, reputable contact info and legitimate payment methods.
Trust security tools: If caught by ransomware, you may be able to decrypt your files yourself – tools like Avast’s FunkSec decryptor prove it’s possible.
Limit data exposure on social platforms: Don’t click ads promoting “legal services” or investment schemes on Facebook; turn off browser pop‑ups and close suspicious windows.
Stay cautious with unsolicited tech support: Legitimate help won’t lock your browser or demand payment via phone.
Enable mobile protections: Push notifications are a common malware vector. Ensure your OS and security apps are up to date.
Use comprehensive security suites: Gen’s Norton and Avast brands, via tools like Norton Genie, offer AI‑powered scam detection and device protection.
Final thoughts: The AI – cyber security paradox
Gen Digital’s Q2 2025 Threat Report underscores a worrying reality: cyber threats are evolving faster, smarter and more dangerously, fuelled by AI tools that empower criminals to personalise, scale and evade detection.
Yet, the same technologies also empower defenders. From decrypting AI‑built ransomware to blocking scams before they reach users, proactive defence strategies are proving effective.
Avast and AVG’s role in protecting against evolving threats
As cyber threats continue to grow in complexity, Avast and AVG stand at the forefront of providing reliable, cutting-edge protection for businesses and individuals. With AI-powered threat detection, real-time security monitoring and robust defences against ransomware, scams and APTs, both Avast and AVG ensure that your digital environment remains secure.
For IT service providers and managed service providers (MSPs), Avast and AVG offer tailored solutions through the Avast Business Hub, an all-in-one platform that simplifies security management. This platform is designed to protect users and devices from emerging threats, while reducing overhead and enhancing operational efficiency.
By combining advanced AI technology, machine learning capabilities and a team of global cyber security experts, Avast and AVG help you stay one step ahead of attackers, safeguarding your business against the evolving threat landscape.
