Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Unregistered Domain Threatened 25,000 Endpoints Globally

Unregistered Domain Threatened 25,000 Endpoints Globally

Posted on April 15, 2026 By CWS

In a startling cybersecurity revelation, Huntress researchers have identified a sophisticated threat embedded in what was initially believed to be adware. An unregistered domain, purchasable for just $10, posed the risk of granting cybercriminals covert access to over 25,000 compromised endpoints globally.

Malware Evolution and Threat Analysis

The software scrutinized in this investigation is signed by Dragon Boss Solutions, a firm claiming to specialize in search monetization and based in the United Arab Emirates. Initially labeled as a potentially unwanted program (PUP) due to its browser hijacking capabilities, the software underwent a dangerous transformation according to Huntress researchers.

Beginning in March 2025, analyses showed the software deploying a PowerShell-based payload. This payload, operating with elevated privileges, was designed to disable cybersecurity defenses, block update servers, and prevent the reinstallation of security software.

Persistence and Exploitation Mechanisms

The malware’s persistence was achieved via five scheduled tasks and WMI event subscriptions, ensuring its survival through system reboots. It also manipulated Windows Defender settings to exclude directories used for staging future threats, which could include cryptominers, ransomware, or data-stealing malware.

A critical vulnerability was uncovered in the software’s update configuration. The main domain for delivering payload updates (chromsterabrowser[.]com) was unregistered, creating a potential vector for exploitation. Any individual acquiring this domain could distribute malicious code to affected systems, bypassing antivirus defenses entirely.

Global Impact and Security Measures

Huntress quickly registered the vulnerable domain and redirected it to a sinkhole for monitoring. This action revealed approximately 25,000 unique IP addresses, representing real-world endpoints, reaching out for update instructions across 124 countries. The United States alone accounted for over 12,000 of these hosts.

The infections included high-value targets, with 324 endpoints belonging to sensitive networks. This group included 221 educational institutions, 41 operational technology (OT) networks, 35 government bodies, and three healthcare organizations. The affected OT networks spanned electric utilities, transportation providers, and critical infrastructure, with several Fortune 500 companies also impacted.

In response, Huntress has called on organizations to search for indicators of compromise (IoCs) to ascertain the campaign’s impact. This proactive measure is crucial for mitigating potential damages and securing networks against similar threats in the future.

Security Week News Tags:Cybersecurity, Dragon Boss Solutions, Endpoints, global threat, Huntress, Malware, network security, PowerShell payload, PUP, unregistered domain

Post navigation

Previous Post: Critical Windows BitLocker Flaw Poses Security Risk
Next Post: Hackers Exploit Microsoft 365 Mailbox Rules for Email Interception

Related Posts

Hackers Target KnowledgeDeliver Zero-Day Vulnerability Hackers Target KnowledgeDeliver Zero-Day Vulnerability Security Week News
Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US Security Week News
F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts  F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts  Security Week News
iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals Security Week News
Defend Against Identity Threats: Join Our Webinar Defend Against Identity Threats: Join Our Webinar Security Week News
US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • New ClickLock Malware Threatens macOS Security
  • ACR Stealer Exploits ClickFix to Access Sensitive Data
  • Cyberattack Hits Nichirei, Disrupts Operations
  • Risk Ledger Secures $32M in Series B Funding
  • CISA Alerts on Critical Fortinet Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • New ClickLock Malware Threatens macOS Security
  • ACR Stealer Exploits ClickFix to Access Sensitive Data
  • Cyberattack Hits Nichirei, Disrupts Operations
  • Risk Ledger Secures $32M in Series B Funding
  • CISA Alerts on Critical Fortinet Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark