🟠 High  |  Source: The Hacker News


Infoblox researchers have identified over 236,000 websites built using DCloud Uni-App, a legitimate Chinese open-source development framework, that are being exploited to run cryptocurrency scams, phishing campaigns, and wallet-draining operations. These sites power pig-butchering fraud, fake exchanges, WhatsApp phishing networks, and brand impersonation at industrial scale. The abuse of a trusted, popular framework makes detection harder and lends a veneer of technical legitimacy to fraudulent infrastructure.

Security Architect’s Take: Review your organisation’s web proxy and DNS filtering rules to block or alert on newly registered domains serving DCloud Uni-App assets, particularly those exhibiting characteristics of financial or crypto-themed content. Consider integrating Infoblox or equivalent threat intelligence feeds that track this infrastructure cluster to proactively protect users from accessing these sites.
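As an added illustration of the Take above (example code, not from the article or from Infoblox), the Python below triages constructed web-proxy log lines: it alerts when a newly registered domain serves a Uni-App-style asset path and raises the severity when the hostname looks financial or crypto-themed. The asset-path fingerprints, keyword list, registration dates and log lines are all assumptions or placeholders; substitute the indicators from the Infoblox report and a real WHOIS/RDAP or passive-DNS lookup.

```python
from datetime import date

# Constructed sample proxy log lines, "<date> <client_ip> <host> <path>" (not real traffic).
SAMPLE_LOG = """\
2024-05-02 10.0.0.5 secure-coinvault-exchange.example /static/js/uni-app.js
2024-05-02 10.0.0.7 intranet.corp.example /index.html
2024-05-02 10.0.0.9 btc-earn-fast.example /static/js/app.js
2024-05-02 10.0.0.9 news.example /uni_modules/uni-ui/index.js
"""
# Constructed registration dates standing in for a WHOIS/RDAP or passive-DNS lookup (assumption).
REGISTRATION_DATES = {
    "secure-coinvault-exchange.example": date(2024, 4, 22),
    "intranet.corp.example": date(2015, 1, 1),
    "btc-earn-fast.example": date(2024, 4, 27),
    "news.example": date(2012, 6, 1),
}
# Placeholder asset-path fingerprints (assumption); replace with the report's indicators.
UNIAPP_ASSET_HINTS = ("uni-app", "/uni_modules/")
# Hostname terms suggesting financial or crypto-themed content (illustrative, not exhaustive).
FINANCE_KEYWORDS = ("coin", "btc", "crypto", "wallet", "exchange", "invest", "earn", "usdt")
NEW_DOMAIN_MAX_AGE_DAYS = 30
TODAY = date(2024, 5, 2)  # constructed reference date matching the sample log

def domain_age_days(host, today, registered=REGISTRATION_DATES):
    """Days since registration, or None when the registration date is unknown."""
    reg = registered.get(host)
    return None if reg is None else (today - reg).days

def assess(host, path, today):
    """(severity, reasons) for one request, or None; new domain + Uni-App asset is required."""
    age = domain_age_days(host, today)
    newly_registered = age is not None and age <= NEW_DOMAIN_MAX_AGE_DAYS
    serves_uniapp = any(hint in path for hint in UNIAPP_ASSET_HINTS)
    if not (newly_registered and serves_uniapp):
        return None  # an old domain using the framework legitimately does not alert
    reasons = [f"registered {age}d ago", "uni-app asset path"]
    severity = "medium"
    if any(k in host for k in FINANCE_KEYWORDS):
        reasons.append("financial/crypto-themed host")
        severity = "high"
    return severity, tuple(reasons)

def triage(log, today):
    """Distinct (host, severity, reasons) findings across the whole log, sorted."""
    findings = set()
    for line in log.splitlines():
        _, _client, host, path = line.split()
        finding = assess(host, path, today)
        if finding:
            findings.add((host,) + finding)
    return sorted(findings)
```

Running `triage(SAMPLE_LOG, TODAY)` flags only the new crypto-themed host serving the asset path; the old news site using the same framework and the new but asset-free domain stay quiet.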

Original advisory: 236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers