Researchers Expose Prolific Puma’s Underground Link Shortening Service

Researchers Expose Prolific Puma's Underground Link Shortening Service

November 1, 2023 at 11:40AM

Prolific Puma, a threat actor, has been running an underground link shortening service for other malicious actors for the past four years. This service helps them distribute phishing, scams, and malware while evading detection. Puma uses an American domain registrar and web hosting company named NameSilo for registration. The real identity of Puma is unknown. Another tool called Kopeechka allows cybercriminals to automate the creation of fake social media accounts. It provides email addresses and phone number verification services for mass registration. These tools highlight the professionalization of the criminal ecosystem.

Based on the meeting notes, here are the key takeaways:

1. A threat actor known as Prolific Puma has been operating an underground link shortening service for other malicious actors for at least four years.
2. Prolific Puma uses registered domain generation algorithms to create domain names for its link shortening service, aiding in phishing, scams, and malware distribution.
3. The threat actor has registered thousands of domains and leverages DNS infrastructure for nefarious purposes.
4. Prolific Puma utilizes an American domain registrar and web hosting company called NameSilo for its operations due to affordability and bulk registration capabilities.
5. The threat actor engages in strategic aging of registered domains before hosting their service with anonymous providers.
6. Prolific Puma’s domains are alphanumeric and typically 3-4 characters long, occasionally reaching up to 7 characters.
7. The real-world identity and origins of Prolific Puma remain unknown.
8. Multiple threat actors utilize Prolific Puma’s services to redirect victims to phishing, scam sites, CAPTCHA challenges, and other shortened links.
9. An example of a phishing and malware attack involves victims being redirected to a landing page where personal details and payments are requested, ultimately leading to browser plugin malware infections.
10. The disclosure of Prolific Puma’s activities highlights the abuse of the DNS system for criminal purposes, allowing perpetrators to go undetected for extended periods.
11. Another recent report highlights the use of the Kopeechka hacking tool by lesser-skilled cybercriminals to create a large number of fake social media accounts quickly.
12. Kopeechka offers easy account registration services for platforms like Instagram, Telegram, Facebook, and X.
13. The tool provides various email addresses, either from domains owned by the threat actor or popular email hosting services, to aid in the registration process.
14. Kopeechka customers can choose from 16 different online SMS services to complete phone number verification during registration.
15. Tools like Kopeechka contribute to the professionalization of the criminal ecosystem, allowing for the mass creation of accounts and providing anonymity to cybercriminals.

Please note that these takeaways are based on the information provided in the meeting notes and may not include every detail.

Full Article