Malicious link shortening service for cybercrime identified
BleepingComputer reports that extensive URL shortening services have been offered by the Prolific Puma operation to cybercriminals over the past four years.
Up to 75,000 unique domain names have been registered by Prolific Puma since April 2022, with the operation registering nearly 800 domains daily at its peak in January, an Infoblox report showed. While malicious domains were registered across 13 top-level domains, more than 50% of all domains created since May were on the U.S. top-level domain. Moreover, nearly 2,000 usTLD domains have been privately registered from Sept. 1 to Oct. 15.
The findings also showed that NameSilo has been primarily used by Prolific Puma for URL hosting for the past three years, with registered domains left inactive for weeks to bypass detection before being moved to a bulletproof hosting provider.
While there has been no evidence indicating that Prolific Puma controls the landing pages, researchers believe it is possible that the threat actor holds the entire operation.