Social networks, 03/01/2024, 10:00 AM
Cybersecurity researchers from the firm Infoblox have warned users about the Savvy Seahorse group, which uses Facebook ads to lure users onto fake investment platforms and then transfers their deposits to Russian state-owned banks.
According to the company's report, the group creates fake investment platforms using popular brands such as Tesla, Meta and Imperial Oil to lure users into investing.
Savvy Seahorse uses advanced techniques such as fake ChatGPT and WhatsApp bots to draw users into investment scams. The bots send victims automated replies about investment opportunities and high profits. The campaigns target users in different countries and in multiple languages, including Russian, Polish, Italian, German, Czech, Turkish, French, Spanish and English. Interestingly, users in Ukraine are spared.
Using DNS Canonical Name (CNAME) records, Savvy Seahorse builds a Traffic Distribution System (TDS) that lets it conduct sophisticated financial fraud, control access to content and update the IP addresses of its campaigns, which helps it avoid detection. The group has been active since 2021 and is the first publicly reported threat actor to abuse DNS CNAME records for sophisticated fraud.
Another tactic the group uses to avoid detection is running short-term campaigns that stay active for only 5-10 days.
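A defender-side sketch of how the CNAME-based TDS and the 5-10 day campaign lifetimes described above could be surfaced in passive DNS data. This is an added example, not taken from the article or the Infoblox report; the record layout, the thresholds and every domain name are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed passive-DNS rows: (queried name, CNAME target, first seen, last seen).
# All names use the reserved .example TLD; the tuple layout is an assumption.
SAMPLE_PDNS = [
    ("invest-auto.example", "tds1.hub-cname.example", date(2024, 1, 3), date(2024, 1, 9)),
    ("ru.invest-auto.example", "tds1.hub-cname.example", date(2024, 1, 4), date(2024, 1, 10)),
    ("quick-profit.example", "tds2.hub-cname.example", date(2024, 1, 5), date(2024, 1, 12)),
    ("crypto-gain.example", "tds7.hub-cname.example", date(2024, 1, 20), date(2024, 1, 25)),
    # Long-lived customers of a shared hosting/CDN target: many sources, but not short-lived.
    ("www.shop.example", "shop.cdn-provider.example", date(2023, 1, 1), date(2024, 1, 31)),
    ("www.news.example", "news.cdn-provider.example", date(2022, 6, 1), date(2024, 1, 31)),
    ("www.bank.example", "bank.cdn-provider.example", date(2023, 3, 1), date(2024, 1, 31)),
    # CNAME inside a single zone: ordinary, ignored.
    ("www.blog.example", "blog.example", date(2024, 1, 1), date(2024, 1, 5)),
]

def registered_domain(name):
    """Naive 'last two labels' reduction; real pipelines should use the Public Suffix List."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def find_cname_hubs(records, min_domains=3, max_days=10):
    """Return {hub domain: sorted short-lived source domains} for suspicious CNAME hubs.

    A hub is flagged when at least `min_domains` distinct registered domains alias
    into it and each was observed doing so for no more than `max_days` days.
    """
    hubs = defaultdict(dict)
    for name, target, first, last in records:
        src, hub = registered_domain(name), registered_domain(target)
        if src == hub:
            continue  # alias stays inside its own zone
        lo, hi = hubs[hub].get(src, (first, last))
        hubs[hub][src] = (min(lo, first), max(hi, last))  # overall span per source domain
    flagged = {}
    for hub, sources in hubs.items():
        short = sorted(s for s, (lo, hi) in sources.items() if (hi - lo).days <= max_days)
        if len(short) >= min_domains:
            flagged[hub] = short
    return flagged

if __name__ == "__main__":
    for hub, sources in find_cname_hubs(SAMPLE_PDNS).items():
        print(f"{hub}: {len(sources)} short-lived domains -> {', '.join(sources)}")
```

A hit is a triage signal rather than a verdict: hosting and CDN providers also receive CNAMEs from many unrelated domains, so flagged hubs still need review of the content and registration data behind them.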
Risks that defrauded users may face include financial loss, data theft and malware infection.