Carding Forum
Hackers spent about $1 million to set their digital traps.
Researchers from Infoblox have discovered the Revolver Rabbit cybercrime group, which registered more than half a million domain names for malicious data-theft campaigns targeting Windows and macOS systems. The group uses Registered Domain Generation Algorithms (RDGAs), which let an operator register large numbers of domain names automatically in a very short time.
RDGAs resemble the domain generation algorithms (DGAs) that cybercriminals embed in malware to produce a list of candidate C2 servers. Unlike a DGA, where the attackers register only some of the generated domains to exchange commands, with an RDGA every generated domain is actually registered.
The malware distributed by Revolver Rabbit is known as XLoader and is the successor to Formbook. It targets Windows and macOS systems to collect confidential information or execute malicious files.
Renee Burton, vice president of threat analytics at Infoblox, noted that the .bond domains linked to Revolver Rabbit are easy to spot, but the group has registered hundreds of thousands of domains across various TLDs. Such a huge number naturally makes analysis very difficult.
Considering that a .bond domain costs about $2, Revolver Rabbit's investment in the XLoader operation is on the order of a million dollars, not counting past purchases or domains on other TLDs.
A typical RDGA pattern used by this group consists of one or more dictionary words followed by a five-digit number, with the words and the number separated by hyphens. These domains are easy to read and often focus on specific topics or regions, such as:
- usa-online-degree-29o[.]bond
- bra-portable-air-conditioner-9o[.]bond
- uk-river-cruises-8n[.]bond
- ai-courses-17621[.]bond
- app-software-development-training-52686[.]bond
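The pattern described above (hyphen-separated dictionary words, a numeric token, the .bond TLD) is simple enough to turn into a DNS-log triage check. The following is an added example written for this post, not code from Infoblox or from the article; the regex is relaxed to a 1-5 digit number with an optional trailing letter so that it also matches the short suffixes ("29o", "8n") visible in the listed samples, and the log format is a constructed `key=value` layout, not any real resolver's output.

```python
import re

# Turn defanged report notation ("example[.]bond") into a plain hostname.
def refang(domain: str) -> str:
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

# One or more alphabetic words, each followed by a hyphen, then a numeric token
# (the article says five digits; the samples also show forms like "29o"),
# then the .bond TLD. Assumption: the generalised suffix is ours, not Infoblox's.
RDGA_RE = re.compile(r"^(?:[a-z]{2,}-){1,6}\d{1,5}[a-z]?\.bond$")


def matches_rdga_pattern(domain: str) -> bool:
    """True if the (possibly defanged) domain fits the Revolver Rabbit shape."""
    return RDGA_RE.fullmatch(refang(domain)) is not None


def scan_dns_log(lines):
    """Return (line_no, domain) for log lines whose queried name matches.

    Each line is expected to carry space-separated key=value fields with the
    queried name under the 'query' key (a constructed format for this example).
    """
    hits = []
    for no, line in enumerate(lines, 1):
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        name = fields.get("query")
        if name and matches_rdga_pattern(name):
            hits.append((no, refang(name)))
    return hits


# Constructed sample log lines; the two .bond names are taken from the article.
SAMPLE_LOG = [
    "2024-07-18T10:01:02Z client=10.0.0.5 query=www.example.com type=A",
    "2024-07-18T10:01:03Z client=10.0.0.5 query=ai-courses-17621.bond type=A",
    "2024-07-18T10:01:04Z client=10.0.0.9 query=uk-river-cruises-8n.bond type=A",
    "2024-07-18T10:01:05Z client=10.0.0.9 query=mail.corp.internal type=A",
]

if __name__ == "__main__":
    for line_no, domain in scan_dns_log(SAMPLE_LOG):
        print(f"line {line_no}: {domain} matches the Revolver Rabbit RDGA pattern")
```

A hit only marks a query for review; registering a hyphenated .bond name is not by itself malicious, so pair this with domain age or threat-intel context before blocking.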
Malicious operations that use RDGAs include malware delivery, phishing, spam campaigns and fraud, as well as redirecting traffic to malicious resources through traffic distribution systems.
Infoblox experts have been tracking the Revolver Rabbit group for almost a year, but the use of RDGAs hid the attackers' goals until recently. Campaigns by this group had been observed before, but their scale was not obvious.
Modern hacker groups invest millions of dollars in their operations and use advanced algorithms and automated systems to bypass security. This underscores the critical importance of continuously improving cybersecurity practices and the need for global cooperation against digital threats that can affect any user or organization.
Source