This article discusses the significant rise in investment scams, particularly those run through fake trading platforms, which resulted in $5.7 billion in reported losses in 2024. It explores the tactics used by the scam actors, including embedded web forms, registered domain generation algorithms and traffic distribution systems, and uses two actors, Reckless Rabbit and Ruthless Rabbit, to illustrate them. Affected: consumers, investment sector
Key points:
- Investment scams caused $5.7 billion in reported losses in 2024, a 24% increase over 2023.
- Lures reach victims as generic text messages and social media advertisements rather than targeted spear-phishing.
- Actors use Registered Domain Generation Algorithms (RDGAs) to register large numbers of domains programmatically. Unlike the DGAs seen in malware, the generated names are actually registered, so each one resolves, hosts content and can be swapped out as soon as it lands on a blocklist.
- Embedded web forms collect personal data from prospective victims before they ever reach the fake platform.
- Validation checks on the submitted data and on the visitor (for example the country of the source IP) filter out researchers, crawlers and unqualified leads, so scanners see a harmless page while real targets are forwarded; this keeps the infrastructure out of detection pipelines for longer.
- Traffic Distribution Systems (TDS) decide per visitor, primarily by geolocation, whether to forward to the fake platform or to a decoy.
- Reckless Rabbit and Ruthless Rabbit are the two actors the report uses to illustrate these tactics.
- Victims are predominantly in Eastern European countries.
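The validation and TDS gating described in the key points above is what lets a scanner see a harmless page while a targeted visitor is forwarded to the fake platform. The following Python is an added example, not code from the report or from either actor: it visits one URL under several visitor profiles (country, user agent, referrer) and flags cloaking when the outcomes diverge. The profile values, the simulated gate's country list and the example URLs are assumptions made for the illustration.

```python
"""Cloaking probe for suspected TDS-gated landing pages.

Added example (not from the original report): fetch one URL under several
visitor profiles and flag it as cloaked when the final destination or the
page body differs between profiles. The fetcher is injected, so the logic
can be exercised offline against a simulated TDS; real use would plug in an
HTTP client that follows redirects.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Tuple


@dataclass(frozen=True)
class Profile:
    name: str
    country: str     # ISO 3166-1 code the TDS would derive from the client IP
    user_agent: str
    referrer: str    # empty string means a direct visit


@dataclass(frozen=True)
class Response:
    final_url: str   # URL reached after following every redirect
    body: str


# Visitor profiles to rotate through. Values are assumptions chosen to cover
# the gates the report describes: automation, geography and ad referrer.
PROFILES: Tuple[Profile, ...] = (
    Profile("scanner", "US", "python-requests/2.32", ""),
    Profile("desktop_us", "US", "Mozilla/5.0 (Windows NT 10.0) Chrome/124", ""),
    Profile("mobile_ro_ad", "RO", "Mozilla/5.0 (Linux; Android 14) Chrome/124 Mobile",
            "https://l.facebook.com/"),
    Profile("mobile_pl_ad", "PL", "Mozilla/5.0 (Linux; Android 14) Chrome/124 Mobile",
            "https://l.facebook.com/"),
)

Fetcher = Callable[[str, Profile], Response]


def probe(url: str, fetch: Fetcher, profiles: Iterable[Profile] = PROFILES) -> Dict:
    """Visit `url` once per profile and compare outcomes.

    Returns a dict with:
      cloaked  - True when the profiles did not all end on the same (final_url, body hash)
      passed   - names of profiles that were redirected away from `url`
      variants - {profile name: (final_url, sha256 prefix of body)}
    """
    variants: Dict[str, Tuple[str, str]] = {}
    for p in profiles:
        r = fetch(url, p)
        digest = hashlib.sha256(r.body.encode("utf-8")).hexdigest()[:12]
        variants[p.name] = (r.final_url, digest)
    passed = sorted(n for n, (final_url, _) in variants.items() if final_url != url)
    return {
        "cloaked": len(set(variants.values())) > 1,
        "passed": passed,
        "variants": variants,
    }


def simulated_tds(url: str, p: Profile) -> Response:
    """Constructed stand-in for a gated lure page (not a real actor's logic).

    Mirrors the gating the report describes: automated clients, visitors who
    did not arrive from the ad, and visitors outside the targeted countries
    get a harmless decoy; everyone else is forwarded to the fake platform.
    The country list, decoy text and platform URL are assumptions.
    """
    is_bot = any(s in p.user_agent for s in ("python-requests", "curl", "Go-http-client"))
    from_ad = p.referrer.startswith("https://l.facebook.com/")
    targeted = p.country in {"RO", "PL", "RU"}
    if is_bot or not from_ad or not targeted:
        return Response(url, "<html><body>Welcome to our cooking blog</body></html>")
    return Response("https://fake-platform.example/register",
                    "<html><body>Register to start earning today</body></html>")


if __name__ == "__main__":
    report = probe("https://lure.example/offer", simulated_tds)
    print("cloaked:", report["cloaked"])
    for name, (final_url, digest) in report["variants"].items():
        print(f"  {name:14} -> {final_url} ({digest})")
```

Run as-is to exercise the simulated gate. For a live check, replace `simulated_tds` with a fetcher that follows redirects and exits from addresses in the candidate countries, and keep the automation profile in the set so the decoy response is recorded next to the real one; the decoy is itself a useful fingerprint of the gate.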
MITRE techniques:
- Gather Victim Identity Information (T1589): embedded web forms collect personal data from prospective victims during the investment scam. (T1589.001 is the Credentials sub-technique; the forms described gather identity details rather than logins.)
- Dynamic Resolution: Domain Generation Algorithms (T1568.002): Registered Domain Generation Algorithms (RDGAs) create and register many malicious domains programmatically.
- Traffic Distribution Systems (TDS): no dedicated Enterprise ATT&CK technique covers a TDS; T1072 is Software Deployment Tools and does not apply. The TDS routes each visitor to the fake platform or a decoy based on geolocation and other client attributes.
- Phishing (T1566): the lures are generic text messages and social media advertisements. T1190 (Exploit Public-Facing Application) concerns software vulnerabilities and does not describe these scams, which rely on social engineering.
Indicators of Compromise:
- [Domain] kcfebdrill[.]info
- [Domain] topsmot[.]pro
- [Domain] brudamot[.]pro
- [Domain] bitcoin-apex[.]org
- [Domain] encuragingtax[.]info
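To put the indicators above to use, as an added example that is not part of the report: refang the list and match it against resolver query logs on label boundaries, so subdomains of an IOC match but lookalike names that merely end in the same string do not. The log format ("timestamp client-ip qname qtype") and the sample lines are constructed for the example.

```python
"""Match the report's defanged domain IOCs against DNS query logs.

Added example, not part of the original report. It refangs the IOC list,
normalises query names and matches both the exact domain and any subdomain
of it, on label boundaries only. The log lines and their format
("<timestamp> <client-ip> <qname> <qtype>") are constructed for the example.
"""
from typing import Dict, Iterable, List, Optional, Set

# Domains as listed on the page, in defanged form.
IOCS_DEFANGED = [
    "kcfebdrill[.]info",
    "topsmot[.]pro",
    "brudamot[.]pro",
    "bitcoin-apex[.]org",
    "encuragingtax[.]info",
]


def refang(domain: str) -> str:
    """Turn a defanged indicator back into a normalised hostname."""
    d = domain.strip().lower()
    for bracket in ("[.]", "(.)", "{.}", "[dot]"):
        d = d.replace(bracket, ".")
    return d.rstrip(".")


def match_ioc(qname: str, iocs: Set[str]) -> Optional[str]:
    """Return the IOC that `qname` equals or is a subdomain of, else None.

    Walks the label suffixes so that `www.brudamot.pro` matches `brudamot.pro`
    while `notopsmot.pro` does not match `topsmot.pro`.
    """
    labels = qname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in iocs:
            return suffix
    return None


def scan_log(lines: Iterable[str], iocs: Set[str]) -> List[Dict[str, str]]:
    """Return one hit per log line whose qname matches an IOC."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue            # malformed or truncated line; skip it
        ts, client, qname, qtype = parts[:4]
        ioc = match_ioc(qname, iocs)
        if ioc:
            hits.append({"ts": ts, "client": client, "qname": qname,
                         "ioc": ioc, "qtype": qtype})
    return hits


# Constructed sample resolver log (not real traffic). The last line shows an
# IOC appearing as a non-terminal label (search-domain suffixing) and must not match.
SAMPLE_LOG = """\
2025-05-19T10:12:01Z 10.0.0.5 www.brudamot.pro A
2025-05-19T10:12:02Z 10.0.0.5 notopsmot.pro A
2025-05-19T10:12:03Z 10.0.0.9 cdn.example.net A
2025-05-19T10:12:04Z 10.0.0.7 KCFEBDRILL.INFO. AAAA
2025-05-19T10:12:05Z 10.0.0.7 topsmot.pro.internal.example A
""".splitlines()


def demo() -> List[Dict[str, str]]:
    return scan_log(SAMPLE_LOG, {refang(d) for d in IOCS_DEFANGED})


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['ts']} {hit['client']} queried {hit['qname']} -> matches {hit['ioc']}")
```

Because the report describes these domains as RDGA output, expect the list to age quickly; a hit on any of them is still worth a look at the client's other queries around the same time, since the replacement domains are likely to share the registrar, name server and TLD pattern.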