Two stories this episode: scammers used AI to clone a BBC presenter’s voice and defraud an ad company out of £20,000, and threat actor TA547 deployed AI-generated PowerShell scripts to deliver the Rhadamanthus information stealer against dozens of German organizations.
Stories Covered
AI Voice Clone Used to Defraud Ad Company Out of £20,000 Impersonating BBC Presenter
Scammers used AI-generated audio to impersonate BBC science presenter Liz Bonìn, convincing the CEO of UK company Incognito that she had agreed to endorse their insect repellent product. The attackers contacted Howard Carter, Incognito’s chief executive, via WhatsApp and email — explicitly steering negotiations away from official channels to avoid professional representation that would have caught the fraud. They supplied a fake contract they claimed Bonìn had electronically signed and provided fabricated contact details for someone impersonating her management at the Wildlife Trust, where Bonìn serves as president. Carter transferred £20,000 to a digital bank account linked to the scammers and received images for the campaign shortly after. The ad ran on Monday. Hours later, Bonìn posted on X that she had never agreed to any endorsement with the company.
Two AI audio experts who assessed the voice recording confirmed it was likely artificially generated. The tells were characteristic: early in the clip the voice matched Bonìn’s Irish accent, then shifted to sound Australian, then British — losing coherent accent identity across the recording. Experts noted gaps in recitation speed, inconsistent cadence, and speech quality that was unusually clean despite apparent background noise, artifacts consistent with current AI voice synthesis limitations. When AI models generate speech, they tend toward unnatural evenness — a flattening of the subtle tonal variation, emphasis drift, and trailing letter sounds that characterize natural human speech. Those gaps are detectable now, but are narrowing as the technology improves. The fraud illustrates the risk vector clearly: AI voice cloning lowers the barrier to impersonating specific named individuals for targeted financial fraud, with the attack surface extending to any public figure with enough recorded audio to train on.
The scam worked because Carter was willing to conduct the entire deal off official channels. The warning pattern is well established: any negotiation that redirects away from a person’s professional representation, verified contact information, or established platform carries elevated fraud risk. If someone contacts you claiming to represent a known person or organization and asks to keep things unofficial — that is the signal to stop and verify through an independent, documented channel. The actual legitimate parties almost never ask to bypass their own management or legal structures. In this case the £20,000 was gone before the campaign even ran.
TA547 Uses AI-Generated PowerShell to Deploy Rhadamanthus Info-Stealer Against German Firms
Proofpoint researchers attributed a March 2024 email campaign targeting dozens of German organizations across multiple industries to TA547, a threat actor also tracked as Scully Spider and active since at least 2017. The campaign impersonated Metro Cash & Carry using invoice-themed lures. Messages carried a password-protected ZIP archive (password: MAR26) containing a malicious .lnk shortcut file. Executing the shortcut triggered a PowerShell script that decoded a Base64-encoded copy of the Rhadamanthus executable stored in a variable, loaded it into memory as an assembly, and executed it — never writing the payload to disk. The fileless execution technique is deliberate: a payload that never touches disk is harder to detect through traditional antivirus signature scanning, leaves less forensic evidence, and cannot be trivially pulled for reverse engineering the way a dropped binary can.
Rhadamanthus is an information stealer distributed since September 2022 under a malware-as-a-service model — sold to cybercrime groups who pay per install or by subscription, following the same commercial structure as legitimate SaaS products. Proofpoint flagged an unusual characteristic in the PowerShell script: it included a hash or pound sign followed by descriptive comments for nearly every component of the code. Professional developers and threat actors alike rarely comment every line of working code — comments appear to mark what is needed or to annotate unusual behavior, not to narrate routine operations. The dense, instructional commenting pattern — including markers like “Replace with your actual Base64 string” — is characteristic of code generated by large language models responding to simple prompts, which produce heavily annotated output by default. Bleeping Computer reproduced the experiment using ChatGPT-4 with a similar prompt and got structurally identical output, matching variable names, commenting style, and structure.
The implication is that TA547 used an AI assistant to write or rewrite portions of the attack toolchain — not to develop novel malware, but to accelerate script production and potentially evade signature-based detection by generating code that does not match known human-authored samples. In mid-February 2024, OpenAI announced it had blocked accounts linked to state-sponsored groups including Charcoal Typhoon and Salmon Typhoon (China), Crimson Sandstorm (Iran), Emerald Sleet (North Korea), and Forest Blizzard (Russia) for misuse of ChatGPT. The practical uses: LLMs serve as a fast reconnaissance tool, a code assistant for writing attack scripts, and a way to produce polished phishing content at scale. The convergence of AI tooling and offensive security operations is accelerating — the same tools developers use to write faster are available to the people attacking them.
Leave a Reply