Subj : Criminals are spending millions on malicious domains and it's pa To : All From : TechnologyDaily Date : Thu Jul 18 2024 19:45:04 Criminals are spending millions on malicious domains and it's paying off for them in a big way Date: Thu, 18 Jul 2024 18:32:49 +0000 Description: A hacker was seen spending more than a million dollars on registering domains to host an infostealer on. FULL STORY ====================================================================== To host command and control (C2) servers, distribute malware , or perform other malicious activities, hackers need a domain name. They can automate the process of obtaining domain names with a Domain Generation Algorithm (DGA). However, to actually be able to use these domains, they also need to register them with a domain registrar. To do that, one group of hackers started using Registered Domain Generation Algorithms (RDGAs), which appears, unfortunately, to be working. Cybersecurity researchers from Infoblox Threat Intel reported a threat actor dubbed Revolver Rabbit has registered over 500,000 domains this way - which would have required them to invest at least a million dollars, which is quite the sum of money. A profitable endeavor The hacker used the RDGA to create command and control (C2) and decoy domains for the XLoader infostealing malware. XLoader is a versatile and potent piece of malware that serves multiple functions, including data theft, credential stealing, and functioning as a remote access Trojan (RAT). It is an evolution of the notorious FormBook malware, which was also known for its information-stealing capabilities. XLoader has been used in various cybercriminal campaigns, often targeting both Windows and macOS platforms. It must be a profitable malware for Revolver Rabbit given their investment in domain names the researchers said. Connecting the Revolver Rabbit RDGA to an established malware after months of tracking highlights the importance of understanding RDGAs as a technique within the threat actors toolbox. Infobloxs report concluded that RDGAs are a formidable and underestimated threat. By using the novel technique, threat actors can easily scale their spam, malware, and scam operations, most of the time flying below the cybersecurity industrys radars. In fact, Infoblox regularly discovers tens of thousands of new domains, which are then captured into clusters of actor-controlled assets. Most of these domains, the researchers claim, go unnoticed by the security industry. Revolver Rabbits activity was ongoing for almost a year and it wasnt flagged for being malicious. More from TechRadar Pro This wide-ranging trojan has returned from the dead Grandoreiro malware revives following police action Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/criminals-are-spending-millions-on-mali cious-domains-and-its-paying-off-for-them-in-a-big-way --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .