Criminals are using AI-generated fake copyright violation threats to take over social media and websites – here’s what you need to know

By Efosa Udinmwen

Copyright techradar


29 September 2025

Machine translation and AI tools fuel global reach for phishing campaigns


Cybercriminals exploit copyright fear to push malware into everyday online spaces
Telegram bots now double as command hubs for evolving malware threats
Fake legal firms deliver malware through takedown scams in multiple languages

Cybercriminals have long relied on fear as a way to manipulate victims, and copyright claims are proving to be one of the latest tools of choice.

Research by Cofense Intelligence found attackers are sending messages designed to look like legitimate takedown requests to multiple users.
However, the real intention of these messages is to deliver malware under the guise of legal pressure.


A campaign built on deception
The report outlined how a Vietnamese threat actor referred to as Lone None has been distributing campaigns that spoof legal firms, sending messages which claim to flag copyright-infringing content on the target’s website or social media account.

What makes this wave of activity notable is the use of multiple languages, suggesting reliance on machine translation or AI tools to generate convincing templates across regions.
Victims are pressured into following links, which, instead of solving an alleged copyright problem, lead to malware downloads.
The attack chain has several unusual features that distinguish it from more traditional phishing attempts.

Instead of relying on ordinary hosting methods, the operators have embedded payload information within Telegram bot profile pages.
From there, targets are steered toward archive files hosted on free platforms such as Dropbox or MediaFire.
Inside these archives, legitimate applications like PDF readers are bundled alongside malicious files.


The malware loader is disguised to resemble normal Windows processes, and it uses obfuscated Python scripts to establish persistence and fetch additional components.
Beyond the familiar PureLogs Stealer, Cofense reports the presence of a new malware strain named Lone None Stealer, also called PXA Stealer.
This tool is engineered to focus on cryptocurrency theft, quietly replacing copied wallet addresses with those controlled by the attackers.
Communication with the operators is handled through Telegram bots, keeping the infrastructure flexible and harder to disrupt.
Although the current campaigns emphasize information stealing, the methods used could just as easily deliver ransomware in future iterations.
While technical indicators such as unusual Python installations on a host can aid in detection, the most effective shield is still training and vigilance.
A combination of advanced email security tools and endpoint protection offers a strong defense, since filtering alone cannot fully prevent these copyright-spoofing campaigns.
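
The two host-side indicators mentioned above (a loader named like a normal Windows process, and an unusual Python installation) can be checked against a process inventory. The following is an added example, not code from the article or from Cofense; the allow-listed directories, the process names and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: where a managed Python install is expected on this fleet.
EXPECTED_PYTHON_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)")
# Assumption: system process names a loader might imitate, and their real homes.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
SYSTEM_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")


def _under(path, root):
    """True if path is root or lies inside it (case-insensitive, per component)."""
    p = [s.lower() for s in PureWindowsPath(path).parts]
    r = [s.lower() for s in PureWindowsPath(root).parts]
    return p[:len(r)] == r


def triage(image_paths):
    """Return (path, reason) findings for a list of executable image paths."""
    findings = []
    for raw in image_paths:
        path = PureWindowsPath(raw)
        name = path.name.lower()
        if name in SYSTEM_NAMES:
            # A system binary name is only trusted in the system directories.
            if not any(_under(path.parent, d) for d in SYSTEM_DIRS):
                findings.append((raw, "system process name outside system directory"))
        elif name.startswith("python") and name.endswith(".exe"):
            # An interpreter outside the managed roots is the "unusual install" case.
            if not any(_under(path, root) for root in EXPECTED_PYTHON_ROOTS):
                findings.append((raw, "Python interpreter in unexpected location"))
    return findings


# Constructed sample inventory (not real telemetry).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Public\Documents\svchost.exe",
    r"C:\Program Files\Python312\python.exe",
    r"C:\Users\alice\AppData\Local\Temp\pkg\pythonw.exe",
    r"C:\Program Files\Reader\reader.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

A renamed interpreter would not match the name test, so a check like this complements endpoint protection and does not replace it.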