Cato CTRL security researchers recently discovered a new threat actor: ProKYC, which is selling deepfake tools that help fraudsters bypass KYC controls.
The tool has primarily been customized to target cryptocurrency exchanges, but if it works, the software has broad implications for most sites that use automated KYC verification with selfies and driver’s licenses.
The Tool Creates Documents As Well As Deepfake Videos
ProKYC is sold primarily on Telegram and dark web channels. The software is unique because it does two things.
- Create Fake Documents – Using artificial intelligence a person can use the software to upload an AI face and use one of hundreds of fake document templates and create a perfect forgery.
- ByPass Selfie Checks – After the fake document has been created the software allows the user to use a virtual camera and deepfake the KYC controls of the victim company.
The software is cheap too. Available for less than $500.
Watch This Demo Of The Software Defeating ByBit
To sell the solution, ProKYC offers a demo video depicting a customized version of the deepfake software called KYC Crypto V1.1 to defeat ByBit’s KYC verification.
In the video, the fraudster creates an AI face, puts the face on an official Australian passport, and then uses the documentation and software to defeat the exchange’s selfie and liveness detection.
After completion, the fraudster is notified that they have successfully verified the account.
KYC Is Under Attack By Fraudsters That Want To Use Deepfakes
The use of Deepfake software like ProKYC is inevitable. The subject of AI is a frequent conversation on Telegram where there has been an explosion of interest over the last six months.
Point Predictive scientists tracked the mention rate of the term AI on Telegram’s top 50 fraud channels and detected an enormous spike in mentions in March of 2024.
Their primary topic of conversation? How to “bypass KYC controls with AI”.