Skip to main content

'Savvy Seahorse' - Novel DNS CNAME Trick

posted onFebruary 29, 2024
by l33tdawg
Dark Reading
Credit: Dark Reading

A newly discovered threat actor is running an investment scam through a cleverly designed traffic distribution system (TDS), which takes advantage of the Domain Name System (DNS) to keep its malicious domains ever-changing and resistant to takedowns.

"Savvy Seahorse" impersonates major brand names like Meta and Tesla — and, through Facebook ads in nine languages, lures victims into creating accounts on a fake investing platform. Once victims fund their accounts, the money is funneled to a presumably attacker-controlled account at a Russian state-owned bank.

It's a common sort of scam. According to the Federal Trade Commission (FTC), US consumers reported losing 4.6 billion dollars to investment scams in 2023 alone. That's nearly half of the $10 billion reported to have been lost to all forms of scams, making it the most profitable kind out there. So what separates Savvy Seahorse from the pack is not the character of its ruse but, rather, the infrastructure supporting it.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th