AI-Themed Investment Scam Network Reportedly Used Keitaro Cloaking Across 15,500 Domains

Researchers from Infoblox and Confiant tracked a massive investment scam campaign involving more than 15,000 domains over a four-month period starting October 1, 2025. Criminals abused the Keitaro ad-tracking platform as part of a cloaking system to hide scam content from security scanners while showing it to real victims. The scam sites typically promised 'Smart AI Trading Technology' or 'Intelligent Trading Solutions' with consistently high returns, often using deepfake images, fabricated media, and fake interviews with well-known public figures to appear credible. The operation used compromised websites, spam emails, social media posts, and online ads to drive traffic through the same tracking infrastructure. When visitors clicked links, a traffic distribution system checked their country, device, browser, and other factors to determine if they matched an 'ideal victim' profile before showing them the real investment scam landing page. Security researchers, ad platform reviewers, and automated scanners were instead shown benign pages like generic blogs. The campaign included multiple threat actors using AI-generated content, deepfake videos of news anchors, and fake news articles to promote fraudulent cryptocurrency platforms and trading schemes targeting various countries including the United States, European nations, Canada, and Japan.