Hackers’ Million-Dollar Domain Investments Boost Cybercrime Efficiency

Discover how hackers are spending millions on malicious domains, uncovering a lucrative investment in malware operations.

Criminals Pour Millions into Malicious Domains, Reaping Significant Rewards

In the constantly evolving realm of cybercrime, hackers are making substantial investments in malicious domains, and those investments are paying off.

To conduct their illegal operations—such as managing command and control (C2) servers, distributing malware, or executing other malicious activities—cybercriminals need domain names. While many use Domain Generation Algorithms (DGAs) to automate the creation of these domain names, a generated name is only usable once it has actually been registered with a domain registrar.

Recent insights from Infoblox Threat Intel reveal that a hacker group called Revolver Rabbit has registered over 500,000 domains using Registered Domain Generation Algorithms (RDGAs). This extensive registration represents an investment of more than one million dollars.

A Costly but Profitable Strategy

Revolver Rabbit has utilized RDGAs to set up both C2 and decoy domains specifically for the XLoader infostealing malware. XLoader is a sophisticated malware with various functionalities, including data theft, credential stealing, and remote access capabilities. It represents an advanced evolution of the notorious FormBook malware, which is known for targeting sensitive information.

The large investment in domain names indicates that XLoader is a highly profitable tool for Revolver Rabbit. The association between RDGAs and advanced malware highlights the importance of recognizing these methods as part of the cybersecurity threat landscape.

Infoblox’s report underscores RDGAs as a “formidable and underestimated” threat. This innovative technique enables cybercriminals to scale their spam, malware, and scam operations effectively, often evading traditional cybersecurity defenses. Infoblox frequently identifies “tens of thousands of new domains,” which are then grouped into clusters controlled by threat actors. Many of these domains remain undetected by security systems. Revolver Rabbit’s activities, ongoing for almost a year, were largely unnoticed until recently.
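As an added illustration of the clustering step described above (example code written for this page, not Infoblox's tooling or method), the script below groups a constructed list of newly registered domains by a structural shape plus registration date and flags groups large enough to look template-generated; the shape heuristic and the sample records are assumptions, not data from the report.

```python
import re
from collections import defaultdict

# Constructed sample of newly registered domains (domain, registration date);
# these are made-up values, not indicators from the article.
NEW_DOMAINS = [
    ("redfox-4431.bond", "2024-06-02"),
    ("bluecat-9921.bond", "2024-06-02"),
    ("greenowl-1208.bond", "2024-06-02"),
    ("darkwolf-7765.bond", "2024-06-02"),
    ("mybakery.com", "2024-06-02"),
    ("city-library.org", "2024-06-02"),
    ("x7k2p9.xyz", "2024-06-03"),
    ("q4m8z1.xyz", "2024-06-03"),
]


def pattern_signature(domain: str) -> str:
    """Collapse a registrable domain into its structural shape.

    Runs of letters become 'a', runs of digits become '0'; separators and the
    TLD are kept, so 'redfox-4431.bond' and 'bluecat-9921.bond' both map to
    'a-0.bond'. Domains produced from one template share a shape even though
    the individual words and numbers differ.
    """
    label, _, tld = domain.lower().rpartition(".")
    shape = re.sub(r"[a-z]+", "a", label)
    shape = re.sub(r"\d+", "0", shape)
    return f"{shape}.{tld}"


def cluster_rdga_candidates(records, min_size=3):
    """Group domains by (shape, registration date) and keep clusters of at least min_size.

    A burst of same-shaped registrations on one day is the signal a defender
    would review (assumed heuristic); singletons and tiny groups are dropped.
    """
    groups = defaultdict(list)
    for domain, reg_date in records:
        groups[(pattern_signature(domain), reg_date)].append(domain)
    return {key: members for key, members in groups.items() if len(members) >= min_size}


if __name__ == "__main__":
    for (shape, day), members in cluster_rdga_candidates(NEW_DOMAINS).items():
        print(f"{day} shape={shape} size={len(members)}: {', '.join(members)}")
```

On the constructed sample, only the four hyphen-word-digit `.bond` registrations from 2024-06-02 clear the threshold; the two six-character `.xyz` names share a shape but stay below it, which is why the threshold is a tunable parameter rather than a fixed rule.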

About the author

mgtid
Owner of Technetbook | 10+ Years of Expertise in Technology | Seasoned Writer, Designer, and Programmer | Specialist in In-Depth Tech Reviews and Industry Insights | Passionate about Driving Innovation and Educating the Tech Community Technetbook
