Threat Intelligence

Malicious link shortening service for cybercrime identified

BleepingComputer reports that the Prolific Puma operation has offered extensive URL shortening services to cybercriminals over the past four years. Prolific Puma has registered up to 75,000 unique domain names since April 2022, with the operation registering nearly 800 domains daily at its peak in January, an Infoblox report showed. While malicious domains were registered across 13 top-level domains, more than 50% of all domains created since May were on the U.S. top-level domain (usTLD). Moreover, nearly 2,000 usTLD domains were privately registered from Sept. 1 to Oct. 15. The findings also showed that Prolific Puma has primarily used NameSilo for URL hosting for the past three years, with registered domains left inactive for weeks to bypass detection before being moved to a bulletproof hosting provider. While there has been no evidence indicating that Prolific Puma controls the landing pages, researchers believe it is possible that the threat actor has a hold on the entire operation.
