(infoblox.com) Keitaro Abuse Exposed: How Threat Actors Weaponize Commercial Adtech Across a Broad Spectrum of Cybercrime
Keitaro TDS abuse drives surge in malvertising, cryptocurrency theft, and phishing. 20%+ of tracked threat actors (TilapiaParabens, HircusPircus, TheNovosti) exploit Keitaro for malware delivery (DonutLoader → StealC v2, RustyStealer), wallet drainers (96% of spam campaigns), and phishing. Bulletproof hosting AS214351 (FEMO IT) fronts C2s; JA4+ fingerprinting exposes admin consoles. RDGA, Sitting Ducks hijacking, and obfuscated JS enable evasion. Targets: Canadian banks, Brazilian PII, NFT scams.
relay@relay.infosec.exchange shared this topic