A Gen (NASDAQ: GEN), which specializes in promoting Digital Freedom through a portfolio of trusted brands including Norton, Avast, LifeLock, MoneyLion, and others, announces its Gen Threat Report for the fourth quarter of 2025, which analyzes the main trends observed between october and december.
The report reveals that by the end of 2025, cybercrime had come to rely increasingly on common digital actions rather than sophisticated exploits.In browsers, social networks, messaging apps and financial tools, the most damaging attacks succeeded when people themselves completed the final step: clicking a link, scanning a QR code, approving the pairing of a device or entering a verification code.
“Throughout 2025, scams have ceased to present themselves as threats, they have begun to blend into the digital routines of the day-to-day”, he says Stefnisson Siggi, Gen. “ Cyber Security CTO Attackers have come to rely on familiar platforms, trusted interfaces, and automated persuasion, scaling these tactics across different devices and channels”
Scams and malicious advertising dominate online shopping and social media
Scams have come to appear where people already spend a large part of their time online: in social media feeds and videos. Fake virtual stores dominated the holiday season, with more than 45 million attacks from fake online stores blocked globally in the fourth quarter, representing more than half of all attacks of this type blocked in 2025 and an increase of more than 62% in relation to the same period of 2024. These fake virtual stores also responded by 65%¹ of all threats blocked in social networks, with a strong concentration on Facebook and YouTube, led by credentials, where the most of the delivery of 3rd time originated from the consumer, 1st, the most of the 1st.
Gen telemetry also showed that malvertising & fake ads was the leading cyber threat to individuals globally in 2025, accounting for 41% of all attacks and acting as the first click that led to many social media and internet scams in general.This data is in line with recent reports citing internal Meta documents, which suggest that scam and banned product ads may represent about 10% of annual advertising revenue (approximately US$ 16 billion).
In Brazil, these trends were also reflected in the local scenario. During the last quarter of 2025, scams were among the main threats detected in the country. In particular, financial scams grew 74%, scams involving fake online stores increased 40% and relationship scams (dating scams) recorded a 34% increase in the period. During the same quarter, attacks of the type “scam-yourself” also increased 51%. This type of attack is based on tricking users into granting permissions themselves, pairing devices or entering verification codes, allowing scams to proceed without traditional malware execution.
Dangerous deepfakes
Gen introduced detection on the device itself (on-device) on Windows, focusing on the intersection between manipulated media and scam intent.The initial telemetry of this release showed that YouTube concentrated the largest share of videos of AI scams blocked, followed by Facebook and X, globally. Most of the blocked content was related to financial, investment and cryptocurrency baits, and was intercepted during playback not in the download.
Identity and financial risks have expanded globally
Identity abuse continued to worsen beyond traditional credit misuse. Gen telemetry data shows that the number of breaches increased by 176% quarter-over-quarter, with a significant trend of growth throughout the year.The data also indicates an increase in alerts related to:
- New records related to properties;
- Unusual activities in day-to-day bank accounts;
- New installment loan applications, leasing and retail credit;
- Transaction-level anomalies in credit cards and loans.
The rising risk ratios in these categories reinforce what external reports already indicate: identity fraud is becoming increasingly complex and multifaceted, simultaneously affecting property registries, deposits, credit instruments and social engineering schemes driven by scams.
Threats continue to spread across different platforms
In the fourth quarter of 2025, Gen globally noted that scams increasingly circulated between different devices, using people themselves to carry the attack across platforms. Some campaigns started on the desktop, with fake tutorial pages, and then induced victims to scan the screen with their mobile phone, transferring the next steps to the mobile environment where permissions, and then to the mobile environment, sideloading other operations followed the reverse path.In GhostPairing attacks, first identified and named by Gen Threat Labs, victims typed a numeric code into WhatsApp from their mobile phone, inadvertently linking a browser controlled by the cybercriminal as a trusted device and allowing the rapid spread of the scam through their contacts.Together, these patterns demonstrate how modern scams push the boundaries between devices to quickly scale and remain invisible.
As 2025 came to an end, Gen's fourth-quarter data showed that the attack surface had become continuous across browsers, messaging apps, social platforms and financial apps.The most damaging incidents started with small, familiar actions, carried out under time pressure or a false sense of security.
To read the Gen Threat Report for the fourth quarter of 2025 in full, visit: https://www.gendigital.com/blog/insights/reports/threat-report-q4-2025
¹Personal computer data
Portuguese (Brazil) 
English 
Spanish 
German 
Chinese (Hong Kong) 
Russian 
Hindi 
French 
Italian 
Japanese 
Arabic 
Chinese (Taiwan) 
Bengali 
Bulgarian 
Czech 
Danish 
Greek 
Finnish 
Croatian 
Hungarian 
Indonesian 
Korean 
Lithuanian 
Dutch 
Norwegian 
Polish 
Portuguese (Angola) 
Portuguese (Portugal) 
Romanian 
Slovak 
Slovenian 
Swedish 
Thai 
Turkish 
Ukrainian 
Vietnamese 
Chinese (China)