Game On: Latest in Gaming News, Reviews & Industry Buzz
- Cloaking became a central layer, using traffic distribution systems to show scams only to targeted victims and hide from scanners.
- Researchers Infoblox and Confiant found threat actors exploit commercial tracking software to scale routing, filtering, and campaign management.
- Investment scams lean on AI-themed lures, deploying deepfakes and generative AI to automate multilingual content and rapidly rotate domains.
- 15,500 domains were actively used to deliver cloaked AI investment scams
- Cloaking ensures harmful content is shown only to targeted victims
- Commercial tracking software allows cybercriminals to scale operations without building infrastructure
Cloaking has shifted from a supporting tactic into a central layer of cybercriminal infrastructure, and commercial tools are now widely embedded in cybercrime operations at scale.
A four-month analysis of malicious activity by Infoblox and Confiant identified roughly 15,500 domains linked to malicious tracker deployments.
These domains routed traffic from compromised websites, spam messages, social media channels, and online advertising ecosystems.
Article continues below
Threat actors exploit commercial tracking software for scale
Rather than building bespoke systems, many threat actors rely on commercial tracking software that already performs filtering, routing, and campaign management functions at scale.
These domains do not simply host scams, but conceal them through cloaking techniques that display harmful content only to intended victims while displaying benign pages to security scanners and others.
Cloaking operates through traffic distribution systems that filter visitors using attributes such as location, device type, and referral source before determining what content is shown.
This allows operators to circumvent advertising restrictions while refining the audience that ultimately sees the scam content.
The research describes cloaking as “a foundational block of modern cybercrime,” reflecting how deeply integrated it has become within these operations.
It also allows threat actors to shield infrastructure not only from defenders but also from rival groups seeking to hijack campaigns.
Investment scams accounted for the largest share of activity observed across these domains, with a clear emphasis on AI-themed narratives as the primary lure.
Pages frequently promote automated trading platforms using phrases such as “Smart AI Trading Technology” or “Intelligent Trading Solutions,” often paired with claims of consistent and unusually high returns.
In several cases, deepfake imagery and fabricated media content are used to reinforce credibility and create a sense of urgency.
Also, generative AI tools are being used to produce large volumes of campaign material programmatically.
This includes headlines, promotional copy, and visual assets that can be deployed across multiple domains with minimal variation.
The result is a scalable content pipeline that supports rapid campaign expansion across languages and regions without requiring substantial manual effort.
Despite domain reporting and account suspensions by researchers and the tracker’s operators, the activity shows little sign of slowing.
Operators continue to rotate domains and reuse the same infrastructure with minimal changes, allowing campaigns to return quickly after disruption.
Thousands of active domains within a short window point to persistent and ongoing activity rather than isolated incidents.
Endpoint protection systems often struggle to detect these campaigns because cloaked content is only revealed after specific conditions are met.
Firewall controls provide limited coverage when traffic is routed through legitimate advertising and web channels.
Malware removal efforts remain reactive, as harm typically occurs only after victims have already been funneled through these delivery paths.
These limitations mean that standard defenses cannot stop these attacks, and the risk from cloaking and tracker abuse remains high.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Read the full article on the original site
