A financially motivated cybercrime operation has been identified, targeting users with over 80 spoofed domain names and lure websites. The campaign, which began in September 2024, focuses on government tax sites, consumer banking, age 18+ social media content, and Windows assistant applications. The actors use these domains to deliver Android and Windows trojans, likely for credential theft. The operation employs common techniques such as spoofed domains and lure websites, prioritizing scale and conversion rates over technical sophistication. The most common lures exploit curiosity and desire, making victims less likely to report infections. Users are advised to be cautious when encountering unfamiliar links or download prompts.
Author: AlienVault
Related Tags:
windows malware
spoofed domains
lure websites
trojans
T1608.004
T1566.003
T1585.002
T1608.001
T1566.002
Associated Indicators:


