Ethical Hacking News
Investment scammers are using advanced tactics, including Facebook ads and registered domain generation algorithms (RDGA), to target vulnerable individuals. The scammers are employing sophisticated techniques to evade detection and make off with the hard-earned savings of unsuspecting victims.
The two new investment scams, "Reckless Rabbit" and "Ruthless Rabbit", are using advanced tactics to target vulnerable individuals. "Reckless Rabbit" is creating fake news articles with celebrity endorsements and using web forms to collect user data, which is then used to push victims into entering their financial information. "Reckless Rabbit" is also filtering out traffic from countries that are not of interest, using HTTP GET requests to IP validation tools. "Ruthless Rabbit" has been targeting Eastern European users since at least November 2022 and uses a cloaking service called "mcraftdb[.]tech" for validation checks. "Ruthless Rabbit" is also using a traffic distribution system (TDS) to hide malicious content from security researchers and bots. The use of AI-powered tools in investment scams is becoming increasingly common, as seen in the Nomani scheme exposed by ESET last December. Threat actors like "Reckless Rabbit" and "Ruthless Rabbit" will continue to evolve their tactics, making it essential for individuals to be vigilant when online.
A recent investigation by cybersecurity researchers has uncovered two new investment scams that are using advanced tactics, including Facebook ads and registered domain generation algorithms (RDGA), to target vulnerable individuals. The scammers are employing sophisticated techniques to evade detection and make off with the hard-earned savings of unsuspecting victims.
The first scam, codenamed "Reckless Rabbit," has been observed creating fake news articles featuring celebrity endorsements to lure users to bogus investment platforms. These ads are interspersed with unrelated content, including clearance sales from brands like Zara, to evade detection and enforcement action. The scammers are also using web forms to collect user data, which is then used to create a sense of urgency and encourage the victims to enter their financial information.
Another tactic employed by Reckless Rabbit is the use of HTTP GET requests to legitimate IP validation tools, such as ipinfo[.]io, ipgeolocation[.]io, or ipapi[.]co, to filter out traffic from countries that are not of interest. This allows the scammers to focus on specific regions and tailor their attacks accordingly.
In contrast, "Ruthless Rabbit" has been actively running investment scam campaigns since at least November 2022, targeting Eastern European users. What sets this threat actor apart is its use of a cloaking service called "mcraftdb[.]tech" to perform validation checks. This allows the scammers to strengthen their infrastructure and make it more resilient, making it harder for security researchers and bots to detect their activities.
Once the victims have passed the verification checks, they are routed to an investment platform where they are urged to enter their financial information to complete the registration process. The scammers also use a traffic distribution system (TDS) to hide malicious content from security researchers and bots, making the scam harder to detect and take down.
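Added example, not from Infoblox or the original article: a hunting sketch that scans web proxy logs for landing pages whose visits trigger GET requests to the IP validation tools or the cloaking service named above. The log layout, the weights, and the premise that the validation request is issued from the visitor's browser (so it reaches an egress proxy with a Referer) are assumptions; the page does not say where the check runs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

def refang(s):
    return s.replace("[.]", ".")

# Indicators named in the article, kept defanged; weight = strength as a signal.
# Geo-IP tools are legitimate services (weak); the cloaking service is strong.
# The weights themselves are illustrative assumptions.
INDICATORS = {"ipinfo[.]io": 1, "ipgeolocation[.]io": 1, "ipapi[.]co": 1,
              "mcraftdb[.]tech": 3}
WEIGHTS = {refang(d): w for d, w in INDICATORS.items()}

# Assumed (hypothetical) proxy log layout: time client method url referer
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")

def indicator_for(host):
    """Return the indicator that host equals or is a subdomain of, else None."""
    host = (host or "").lower().rstrip(".")
    return next((d for d in WEIGHTS if host == d or host.endswith("." + d)), None)

def gated_landing_pages(lines, threshold=1):
    """Map referring host -> (score, indicators) for pages that trigger validation GETs."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(3) != "GET" or m.group(5) == "-":
            continue  # malformed line, non-GET request, or no Referer
        ind = indicator_for(urlsplit(m.group(4)).hostname)
        ref_host = (urlsplit(m.group(5)).hostname or "").lower()
        # Skip the tools' own pages calling themselves (a user visiting the tool).
        if ind and ref_host and indicator_for(ref_host) is None:
            hits[ref_host].add(ind)
    scored = {h: (sum(WEIGHTS[i] for i in inds), sorted(inds)) for h, inds in hits.items()}
    return {h: v for h, v in scored.items() if v[0] >= threshold}

# Constructed sample log; the *.example landing hosts are placeholders.
SAMPLE_LOG = [refang(s) for s in [
    "2025-05-06T09:00:01Z 10.0.0.5 GET https://invest-news.example/story https://www.facebook.com/",
    "2025-05-06T09:00:02Z 10.0.0.5 GET https://ipapi[.]co/json/ https://invest-news.example/story",
    "2025-05-06T09:01:10Z 10.0.0.9 GET https://mcraftdb[.]tech/ https://quick-profit.example/start",
    "2025-05-06T09:01:11Z 10.0.0.9 GET https://api.ipgeolocation[.]io/ipgeo https://quick-profit.example/start",
    "2025-05-06T09:02:00Z 10.0.0.3 GET https://ipinfo[.]io/json https://ipinfo[.]io/",
    "truncated line",
]]

if __name__ == "__main__":
    for host, (score, inds) in sorted(gated_landing_pages(SAMPLE_LOG).items()):
        print(f"{host}\tscore={score}\t{', '.join(inds)}")
```

Many ordinary sites also call geo-IP services, so a score of 1 is only a triage signal; raising the threshold to 3 keeps just the pages that contacted the cloaking service.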
The findings of this investigation come as no surprise, given the rise of investment scams in recent years. In December 2024, ESET exposed a similar scheme dubbed "Nomani" that uses a combination of social media malvertising, company-branded posts, and artificial intelligence-powered video testimonials featuring famous personalities to deceive people.
The use of AI-powered tools to create convincing ads and videos is becoming increasingly common in investment scams. This is evident from the fact that Spanish authorities recently arrested six individuals aged between 34 and 57 for allegedly running a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to deceive people.
The investigation by Infoblox also highlights the importance of using advanced threat intelligence tools to stay ahead of scammers. The company's researchers noted that "threat actors like Reckless and Ruthless Rabbits will be relentless in their attempts to trick as many users as possible." They added that "these types of scams have proven to be highly profitable for them, and they will continue to grow rapidly—both in number and sophistication."
The use of RDGA to set up domain names for the sketchy investment platforms is also a technique adopted by other threat actors. This allows scammers to create a large number of domain names quickly and easily, making it harder for security researchers and law enforcement agencies to track them down.
In conclusion, the investigation by Infoblox highlights the sophisticated tactics being used by investment scammers to target vulnerable individuals. The use of advanced tools, including Facebook ads and RDGA, makes it harder for security researchers and law enforcement agencies to detect and take down these scams. It is essential for individuals to be vigilant when it comes to online investment opportunities and to report any suspicious activity to the authorities.
Published: Tue May 6 09:17:18 2025 by llama3.2 3B Q4_K_M