Researchers Expose Prolific Puma's Underground Link Shortening Service

A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that is offered to other threat actors for at least the past four years.

Prolific Puma creates "domains with an RDGA [registered domain generation algorithm] and uses these domains to provide a link shortening service to other malicious actors, helping them evade detection while they distribute phishing, scams, and malware," Infoblox said in a new analysis pieced together from Domain Name System (DNS) analytics.

With malicious actors known to use link shorteners for phishing attacks, the adversary plays an important role in the cybercrime supply chain, registering between 35,000 and 75,000 unique domain names since April 2022. Prolific Puma also qualifies as a DNS threat actor for leveraging DNS infrastructure for nefarious purposes.

A notable aspect of the threat actor's operations is the use of an American domain registrar and web hosting company named NameSilo for registration and name servers, owing to its affordability and an API that facilitates bulk registration.


Prolific Puma, which does not advertise its shortening service on underground markets, has also been observed resorting to strategic aging, parking registered domains for several weeks prior to hosting its service with anonymous providers.

"Prolific Puma domains are alphanumeric, pseudo-random, with variable length, often 3 or 4 characters long, but we have also observed SLD labels as long as 7 characters," Infoblox explained.

Furthermore, the threat actor has registered thousands of domains in the U.S. top-level domain (usTLD) since May 2023, repeatedly using an email address containing a reference to the song OCT 33 by a psychedelic soul band called Black Pumas: blackpumaoct33@ukr[.]net.
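As an added illustration (not part of Infoblox's report or this article), the following Python triage heuristic scans constructed DNS query log lines for registered domains of the shape described above: short, alphanumeric, pseudo-random second-level labels under the .us TLD. The log format, the sample records, and the requirement that a label mix letters and digits are assumptions made here to keep false positives down; the output is a list of candidates for analyst review, not a verdict.

```python
import re

# Constructed sample records: "<timestamp> <client_ip> <qtype> <qname>".
# These are made-up log lines, not indicators from the report.
SAMPLE_RECORDS = [
    "2023-09-01T10:00:00Z 10.0.0.5 A ab3k.us",
    "2023-09-01T10:00:02Z 10.0.0.5 A 7q2.us",
    "2023-09-01T10:00:05Z 10.0.0.9 A www.example.com",
    "2023-09-01T10:00:07Z 10.0.0.9 A abcd.us",
    "2023-09-01T10:00:09Z 10.0.0.5 A xk92pq4.us",
    "2023-09-01T10:00:12Z 10.0.0.7 A z9rt.us",
]

RECORD_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
# SLD labels described as alphanumeric, 3 to 4 characters typically, up to 7 observed.
SHORT_SLD_RE = re.compile(r"^[a-z0-9]{3,7}$")


def registered_domain(fqdn):
    """Return (sld, tld) using a naive split on the last two labels.
    Multi-label public suffixes (e.g. co.uk) are not handled here."""
    labels = fqdn.lower().rstrip(".").split(".")
    return labels[-2], labels[-1]


def looks_like_rdga_short_domain(fqdn, tlds=("us",)):
    """Heuristic: short alphanumeric SLD under a watched TLD that mixes
    letters and digits (an assumption added to skip plain short words)."""
    sld, tld = registered_domain(fqdn)
    if tld not in tlds or not SHORT_SLD_RE.match(sld):
        return False
    has_alpha = any(c.isalpha() for c in sld)
    has_digit = any(c.isdigit() for c in sld)
    return has_alpha and has_digit


def triage(records):
    """Parse log lines and group flagged query names by client IP, so a
    client resolving many distinct short random .us domains stands out."""
    hits = {}
    for line in records:
        m = RECORD_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the run
        _, client, _, qname = m.groups()
        if looks_like_rdga_short_domain(qname):
            hits.setdefault(client, []).append(qname)
    return hits
```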


The real-world identity and origins of Prolific Puma remain unknown as yet. That said, several threat actors are said to be using the offering to take visitors to phishing and scam sites, CAPTCHA challenges, and even other shortened links created by a different service.

In one instance of a phishing-cum-malware attack documented by Infoblox, victims clicking on a shortened link are taken to a landing page that asks them to provide personal details and make a payment, and ultimately infects their systems with browser plugin malware.

The disclosure comes weeks after the company uncovered another persistent DNS threat actor codenamed Open Tangle that leverages a large infrastructure of lookalike domains of legitimate financial institutions to target users for phishing and smishing attacks.

"Prolific Puma demonstrates how the DNS can be abused to support criminal activity and remain undetected for years," it said.

Kopeechka Hacking Tool Floods Online Platforms with Bogus Accounts

The development also follows a new report from Trend Micro, which found that lesser-skilled cybercriminals are using a new tool called Kopeechka (meaning "penny" in Russian) to automate the creation of hundreds of fake social media accounts in just a few seconds.

"The service has been active since the beginning of 2019 and provides easy account registering services for popular social media platforms, including Instagram, Telegram, Facebook, and X (formerly Twitter)," security researcher Cedric Pernet said.

Kopeechka provides two different types of email addresses to help with the mass-registration process: email addresses hosted in 39 domains owned by the threat actor and those that are hosted on more popular email hosting services such as Gmail, Hotmail, Outlook, Rambler, and Zoho Mail.

"Kopeechka doesn't actually provide access to the actual mailboxes," Pernet explained. "When users request mailboxes to create social media accounts, they only get the email address reference and the specific email that contains the confirmation code or URL."

It is suspected that these email addresses are either compromised or created by the Kopeechka actors themselves.

With online services incorporating phone number verification to complete registration, Kopeechka allows its customers to choose from 16 different online SMS services, most of which originate from Russia.

Besides accelerating cybercrime and equipping threat actors to launch full-fledged operations at scale, such tools – created as part of the "as-a-service" business model – highlight the professionalization of the criminal ecosystem.

"Kopeechka's services can facilitate an easy and affordable way to mass-create accounts online, which could be helpful to cybercriminals," Pernet said.

"While Kopeechka is mainly used for multiple account creation, it can also be used by cybercriminals who want to add a degree of anonymity to their activities, as they don't need to use any of their own email addresses to create accounts on social media platforms."
