Keitaro Tracker Abuse Analysis

~Infoblox~
Threat actors like TA2726 are abusing cracked Keitaro Tracker instances for malvertising, cloaking, and malware distribution.
-
IOCs: 185. 184. 123. 58, apiexplorerzone. com, rapiddevapi. com
-
#Malvertising #TA2726 #ThreatIntel

Inside Keitaro Abuse: A Persistent Stream of AI-Driven Investment Scams Keitaro Tracker is being widely abused by threat actors to perform domain cloaking, conditional traffic routing, and large-scale investment and tech-support scams, often leveraging AI-generated content and deepfakes to increase credibility and scale. Collaborative research by Infoblox and Confiant found thousands of malicious Keitaro instances, extensive domain registration patterns (RDGAs), and active abuse by actors including TA2726. #Keitaro #TA2726

Keitaro Tracker is exploited by cybercriminals for AI-driven investment and tech-support scams, using domain cloaking and conditional traffic routing. Thousands of malicious instances linked to TA2726 identified. #KeitaroAbuse #AIscams #TA2726

New FrigidStealer infostealer infects Macs via fake browser updates The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware call...

FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer. #TA2726 #TA2727 #CyberCrime www.bleepingcomputer.com/news/securit...

Proofpoint identified and named two new cybercriminal threat actors: #TA2726 and #TA2727.

These groups operate components of web inject campaigns, including those using fake update-themed lures commonly known to be distributed by #TA569 #SocGholish.