New research by Infoblox has found that over 236,000 websites are deploying scam templates developed with DCloud Uni-App, a legitimate Chinese open-source framework. These sites are implicated in various fraudulent activities, including fake cryptocurrency exchanges and phishing schemes.
Widespread Use of Scam Templates
The DCloud Uni-App framework powers numerous malicious websites, including fake gambling platforms and cryptocurrency wallet drainers. Infoblox identified 236,493 unique domains using these templates, emphasizing the significant scale of the threat. The operators of these scams employ complex strategies to deceive unsuspecting victims.
Patterns in domain registrations and technical footprints suggest that a central entity may be managing many of these domains. Changes observed in registration trends indicate that this central operation could be facing challenges or restructuring.
Notorious Scams and Their Impact
Among the identified scams is RainbowEx, a fraudulent cryptocurrency exchange involved in a Ponzi scheme that affected thousands in San Pedro, Argentina. Seven individuals connected to RainbowEx were arrested in 2024, highlighting the severe impact of these scams on communities.
While the DCloud Uni-App itself is not inherently malicious, its use in scams is characterized by fake interfaces and deceptive prompts. These sites target a global audience, impersonating well-known brands and platforms to lure victims.
Technical Insights and Prevention
Infoblox’s analysis shows these scams are hosted on reputable providers like Cloudflare and Amazon Web Services, with some using bulletproof hosting to avoid takedowns. Sophisticated operators often disguise their activities by modifying the framework’s default signatures.
Similar scams built on the DCloud framework have emerged in the United States, such as the LSSC scooter-sharing scam. These scams often require victims to recruit others, perpetuating the fraudulent operation.
Infoblox emphasizes the need for vigilance and collaboration between cybersecurity experts and hosting providers to combat these threats effectively. Understanding the infrastructure and tactics of these scams is crucial for developing robust prevention strategies.
The continued evolution of online scams necessitates constant vigilance and adaptive measures to protect users from emerging threats.
