Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Unregistered Domain Threatened 25,000 Endpoints Globally

Unregistered Domain Threatened 25,000 Endpoints Globally

Posted on April 15, 2026 By CWS

In a startling cybersecurity revelation, Huntress researchers have identified a sophisticated threat embedded in what was initially believed to be adware. An unregistered domain, purchasable for just $10, posed the risk of granting cybercriminals covert access to over 25,000 compromised endpoints globally.

Malware Evolution and Threat Analysis

The software scrutinized in this investigation is signed by Dragon Boss Solutions, a firm claiming to specialize in search monetization and based in the United Arab Emirates. Initially labeled as a potentially unwanted program (PUP) due to its browser hijacking capabilities, the software underwent a dangerous transformation according to Huntress researchers.

Beginning in March 2025, analyses showed the software deploying a PowerShell-based payload. This payload, operating with elevated privileges, was designed to disable cybersecurity defenses, block update servers, and prevent the reinstallation of security software.

Persistence and Exploitation Mechanisms

The malware’s persistence was achieved via five scheduled tasks and WMI event subscriptions, ensuring its survival through system reboots. It also manipulated Windows Defender settings to exclude directories used for staging future threats, which could include cryptominers, ransomware, or data-stealing malware.

A critical vulnerability was uncovered in the software’s update configuration. The main domain for delivering payload updates (chromsterabrowser[.]com) was unregistered, creating a potential vector for exploitation. Any individual acquiring this domain could distribute malicious code to affected systems, bypassing antivirus defenses entirely.

Global Impact and Security Measures

Huntress quickly registered the vulnerable domain and redirected it to a sinkhole for monitoring. This action revealed approximately 25,000 unique IP addresses, representing real-world endpoints, reaching out for update instructions across 124 countries. The United States alone accounted for over 12,000 of these hosts.

The infections included high-value targets, with 324 endpoints belonging to sensitive networks. This group included 221 educational institutions, 41 operational technology (OT) networks, 35 government bodies, and three healthcare organizations. The affected OT networks spanned electric utilities, transportation providers, and critical infrastructure, with several Fortune 500 companies also impacted.

In response, Huntress has called on organizations to search for indicators of compromise (IoCs) to ascertain the campaign’s impact. This proactive measure is crucial for mitigating potential damages and securing networks against similar threats in the future.

Security Week News Tags:Cybersecurity, Dragon Boss Solutions, Endpoints, global threat, Huntress, Malware, network security, PowerShell payload, PUP, unregistered domain

Post navigation

Previous Post: Critical Windows BitLocker Flaw Poses Security Risk
Next Post: Hackers Exploit Microsoft 365 Mailbox Rules for Email Interception

Related Posts

Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm Security Week News
Rokarolla Trojan Threatens Over 200 Banking Apps Rokarolla Trojan Threatens Over 200 Banking Apps Security Week News
FBI Probes Cyber Incident on Sensitive Surveillance System FBI Probes Cyber Incident on Sensitive Surveillance System Security Week News
Optimizely Suffers Cyberattack Through Vishing Tactics Optimizely Suffers Cyberattack Through Vishing Tactics Security Week News
Outdated UEFI Shims Risk Secure Boot Breach Outdated UEFI Shims Risk Secure Boot Breach Security Week News
Police in Brazil Arrest a Suspect Over 0M Banking Hack Police in Brazil Arrest a Suspect Over $100M Banking Hack Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Critical SharePoint Vulnerability Exploitation
  • Beacon Security Secures $13M Funding for Data Platform
  • GoSerpent Malware Targets Southeast Asian Governments
  • New ClickLock Malware Threatens macOS Security
  • ACR Stealer Exploits ClickFix to Access Sensitive Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Critical SharePoint Vulnerability Exploitation
  • Beacon Security Secures $13M Funding for Data Platform
  • GoSerpent Malware Targets Southeast Asian Governments
  • New ClickLock Malware Threatens macOS Security
  • ACR Stealer Exploits ClickFix to Access Sensitive Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark