Tag: facebook ads

4 Attack Reports | 0 Vulnerabilities

Attack reports

DNS Used to Hide Fake Investment Platform Schemes

Savvy Seahorse, a DNS threat actor, employs sophisticated techniques to lure victims into fake investment platforms through Facebook ads. They use DNS CNAME records to create a traffic distribution system, enabling dynamic IP address updates and evasion of detection. The campaigns target multiple l…
domain generation algorithm
geofencing
facebook ads
dns abuse
investment scams
cname records
traffic distribution system
2026-02-19
Published: February 19, 2026
Downloadable IOCs: 0

The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website

A threat actor has orchestrated a sophisticated malvertising campaign impersonating Kling AI, a popular AI-powered image and video synthesis tool. The attackers use counterfeit Facebook pages and paid ads to drive traffic to a convincing fake website. Users are tricked into downloading malicious fi…
malvertising
infostealer
purehvnc
facebook ads
2025-05-21
crypto theft
Published: May 21, 2025
Downloadable IOCs: 42

Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams

This report analyzes common techniques, tactics, and procedures (TTPs) used by several investment scam actors who lure victims with fake platforms, including crypto exchanges. Key TTPs include registering large numbers of domains algorithmically, embedding similar web forms to collect user data, hi…
social engineering
cryptocurrency
facebook ads
cloaking
2025-04-29
rdga
dns abuse
web forms
tds
investment scams
2025-05-06
dns exploitation
registered domain generation algorithms
Published: May 6, 2025
Downloadable IOCs: 87

Cyberhaven’s preliminary analysis of the recent malicious Chrome extension

A phishing attack on December 24th, 2024 compromised a Cyberhaven employee's access to the Google Chrome Web Store, leading to the publication of a malicious version of their Chrome extension. This was part of a larger campaign targeting Chrome Extension developers, primarily aiming at Facebook Ads…
phishing
data exfiltration
chrome extension
command and control
2025-01-02
facebook ads
oauth
Published: January 2, 2025
Downloadable IOCs: 5
Click here to see more Attack Reports