home.social

#cloaking — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cloaking, aggregated by home.social.

  1. We planned one report on Keitaro abuse, but we ran out of pages before we ran out of cases.
    So here’s Part 2 of 3, a medley of threats that go well beyond AI‑investment scams.

    Threat actors abuse Keitaro’s traffic distribution, cloaking, and rule engine to hide malicious landing pages behind geo and device-based filters. They stack bulletproof hosting and reverse proxies to add layers of indirection, making takedown and analysis harder. In this post, we share how we overcame this using multi‑protocol, multi‑vantage telemetry. We leveraged JA4+ web server fingerprints, DNS analytics, and Confiant’s visibility into advertising supply chain data to uncover Keitaro abuse and the delivery of malware downloaders, infostealers, weaponized RMMs, wallet drainer campaigns, scams, and email spam and advertising attack vectors.

    If you hunt threats distributed via adtech, these indicators can be useful pivots. infoblox.com/blog/threat-intel

    #dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #ai #keitaro #adtech #tds #trafficdistributionsystem #cloaker #cloaking #landscape #malvertising #infostealer #rmm #remotemonitoringmanagement #downloader #malware #spam #airdrop #cryptocurrency #ja4 #ja4_fingerprinting

  6. 🔴 A threat isn't much of a threat if it can't reach the right victims. 📦 That's why many modern threat actors rely on cloakers and traffic distribution systems (TDS) to target, route, and hide at scale. In a six‑month joint effort analyzing four months of data with Confiant, we identified 15,500 domains configured to Keitaro instances and actively used in cyber campaigns. Keitaro is a legitimate ad tracker, but it is frequently misused by cybercriminals as an all‑in‑one tracker + TDS + cloaker in scam and malware campaigns. We encounter Keitaro in our investigations nearly every day, and we set out to quantify that abuse in the broader landscape. We're publishing a three‑part series to share what we learned. Part 1 focuses on a subset of actors who leverage AI in their operations, most of whom are tied to investment scams. At the end of the report, you'll find a link to our GitHub repository that contains thousands of related Keitaro IOCs.

    infoblox.com/blog/threat-intel

    #dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #ai #keitaro #adtech #tds #trafficdistributionsystem #cloaker #cloaking #landscape #malvertising

  11. ICYMI: Meta sues scam advertisers in Brazil, China and Vietnam over celeb-bait and cloaking: Meta filed multiple lawsuits on February 26, 2026 against scam advertisers using celeb-bait and cloaking tactics in Brazil, China, and Vietnam, while issuing cease and desist letters to eight marketing consultants. ppc.land/meta-sues-scam-advert #Meta #Advertising #ScamAlert #CelebBait #Cloaking

  12. New attack vector combining indirect prompt injection with cloaking, aimed at autonomous AI agents

    Do you think the Internet can be dangerous for people? Well, artificial intelligence can now start to be afraid too. Shaked Zychlinski of JFrog has described a new attack vector that makes it possible to inject malicious instructions into AI assistants browsing web pages. Until now, indirect prompt injection attacks relied on hiding instructions on a page...

    #WBiegu #Ai #Awareness #Cloaking #Promptinjection

    sekurak.pl/nowy-wektor-ataku-l

  13. Lumma Stealer is currently one of the most popular malware. Campaigns involving this info stealer have a notable presence in DNS. We’ve been tracking a threat actor that deploys a large number of domains to advertise file share links dropping Lumma Stealer. These campaigns are interesting because the actor uses a traffic distribution system (TDS), cloaking, and web tracking technology (e.g. Matomo, Bablosoft) to hide and protect the malicious content. Here are recent examples of the TDS and landing page domains.

    An attack that we investigated today showed a new Lumma Stealer payload and C2 domain that is only a day old.

    :::Lumma Stealer executable SHA256::: df148680db17e221e6c4e8aed89b4d3623f4a8ad86a3a4d43c64d6b1768c5406

    :::Text sites containing Lumma Stealer configuration details:::
    hXXps://rentry[.]co/feouewe5/raw
    hXXps://pastebin[.]com/raw/uh1GCpxx

    :::Newly created Lumma Stealer C2:::
    hXXps://urbjanjungle[.]tech/api

    #malware #lummastealer #c2 #tds #tracker #cloaking #dns #mastodon #threatintel #cybercrime #threatintelligence #cybersecurity #infosec #infoblox #infobloxthreatintel

  14. Nothing to see here!

    On the awareness of and preparedness and defenses against cloaking malicious web content delivery.

    Nice and insightful presentation by @wachizungu at @hack_lu

    #cloaking #infosec #hacklu

    🔗 Full thesis - research.ou.nl/ws/portalfiles/

  15. What my theory presupposes is that while the Federation agreed by treaty to not develop cloaking technology, they can work around this by just temporarily changing a ship's registry to the NCC-404. I'll take my answer in the line for a corndog please. :hood: #StarTrek #Cloaking #Romulans #AlwaysAChessGame #FriendsOfDeSoto

  16. In this week's podcast we follow up on the Kalla fakta segment from the week before last about fake ads for investment fraud. How can the ads slip through review?

    nikkasystems.com/2023/02/24/po

    #blisäker #podd #poddcast #poddradio #cloaking

  17. The internet company has begun systematically verifying the identity of advertisers. But the cat-and-mouse game is far from over.
    Ad fraud and co.: Google deletes 5.6 million accounts
  19. Billions of ads were not approved by Google because they violated the company's policies.
    Ads Safety Report: Google blocks and deletes billions of ads
  20. Scientists create “invisibility cloaks” to hide objects from water waves - Enlarge / Hydrodynamic "invisibility cloaks" would hide objects from fluid flows and surface waves ... more: arstechnica.com/?p=1550993 #invisibilitycloak #metameterials #cloaking #science #physics