OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers

Summary: A novice cybercriminal named Coquettte has been utilizing a Russian bulletproof hosting provider, Proton66, to distribute malware via a fraudulent antivirus website. Investigations reveal that Coquettte is linked to various illicit activities, including the deployment of harmful payloads and selling guides for illegal substances. The findings suggest a broader connection to a hacking group called Horrid, indicating a network of amateur cybercriminals using Proton66’s infrastructure.

Affected: Proton66, Coquettte, and associated cybercriminal networks

Key points:

  • Coquettte is exploiting Proton66’s hosting to distribute malware disguised as antivirus software.
  • The operational security failure allowed detection of malicious activities, revealing Coquettte’s connection to multiple cybercrime ventures.
  • The threat actor’s digital presence includes selling illegal guides and a domain registration linking them to a command-and-control server.
  • Coquettte may be affiliated with a wider hacking group known as Horrid, showing a networked approach to cybercrime.

Source: https://thehackernews.com/2025/04/opsec-failure-exposes-coquetttes.html