• 'Cybercriminals are industrializing deception': new report reveal

    From TechnologyDaily@1337:1/100 to All on Thursday, March 26, 2026 11:30:25
    'Cybercriminals are industrializing deception': new report reveals how major global cybercrime syndicates have infiltrated trusted domains with millions now at risk - here's what you need to know

    Date:
    Thu, 26 Mar 2026 11:20:51 +0000

    Description:
    Outdated software, crypto fraud, and fake ecommerce sites are running
    rampant, costing people money and web assets.

    FULL STORY ======================================================================
    NordVPN & TechRadar uncover three global cybercrime campaigns
    Legacy FCKeditor flaw exploited to hijack 1,300+ domains; crypto deposit scam tricks victims into fake fees
    Chinese-speaking actor runs 800+ fraudulent e-commerce sites with urgent, too-good-to-be-true offers

    A number of large, interconnected, global cybercriminal operations have been found abusing legacy software, people's trust in digital platforms, and the desire to get rich fast, to target people with malware and wire fraud.

    A new research report, published jointly by NordVPN's Threat Intelligence research unit and TechRadar's security team, found the first campaign revolves around legacy software called FCKeditor, an old web-based rich text editor that works inside a browser. It is like a mini version of Microsoft Word embedded in a website, and it was widely used in early CMS platforms, forums, and admin panels, back in the early 2000s and 2010s.

    Even though FCKeditor is no longer maintained, many important websites still actively use it, and are hunted by cybercriminals for it. Back in February 2024, TechRadar reported on dozens of educational websites being abused this way to poison search engine results, deliver phishing sites to victims, and engage in all kinds of fraudulent activity.

    Back then, a security researcher using the alias @g0njxa found the websites of MIT, Columbia University, Universitat de Barcelona, Auburn University, University of Washington, Purdue, Tulane, Universidad Central del Ecuador, and the University of Hawaii, all being targeted. Besides university sites, the campaign also targeted government and corporate websites, such as the site of the Government of Virginia, Austin, Texas, the website of the Government of Spain, and Yellow Pages Canada.

    FCKeditor is no longer maintained, and is vulnerable to CVE-2009-2265, a group of directory traversal flaws that allow remote attackers to create executable files in arbitrary directories. According to NordVPN and TechRadar, threat actors have used this flaw in recent times to compromise more than 1,300 high-value domains, including government, public, corporate websites, high-value brands, and research institutions.

    After taking over the sites, the crooks would use them as launchpads to distribute malware or redirect traffic to fake e-commerce sites and phishing pages.

    Crypto phishing

    The second threat is a highly organized phishing and fraud campaign that tricks people into making fraudulent payments. It starts with an email alerting the victim about a large crypto deposit (usually 15 bitcoin) to a new wallet on an exchange. The victim is given a link and login credentials which, if used, lead to a fake wallet or exchange website showing the funds.

    The victim is then tricked into paying gas fees (transaction costs) or taxes in order to withdraw the crypto. The money they give this way is then lost to the attackers, likely forever.

    NordVPN's investigation uncovered more than 100 active domains being used in this campaign.

    "This is social engineering at an elite scale," said Domininkas Virbickas, Product Director at NordVPN. "Criminals are leveraging the allure and confusion of cryptocurrency to reinvent old scams in new digital forms."

    Hundreds of fake e-commerce sites

    The third campaign is even bigger - more than 800 fraudulent e-commerce domains, in all sorts of categories - from fashion, to automotive, to health products.

    Traced to a single Chinese-speaking threat actor, the network is built using WordPress, WooCommerce, and Elementor, and offers time-limited, too-good-to-be-true offers. Victims, eager not to miss this once-in-a-lifetime opportunity, lower their guard and end up making payments without ever getting what they paid for.

    These shops lure victims with unrealistic offers, creating urgency and bypassing consumer skepticism. Indicators of Chinese origin include untranslated Chinese characters and localized file artifacts across the network. NordVPN linked the sites through shared digital fingerprints and discovered consistent hosting under the registrar Spaceship, Inc., says Domininkas Virbickas.

    "This network demonstrates the industrialization of online fraud," added Virbickas. "Automation and template-based site creation now allow single actors to manage entire fraudulent ecosystems that mimic legitimate online retail."


    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cybercriminals-are-industrializing-deception-new-report-reveals-how-major-global-cybercrime-syndicates-have-infiltrated-trusted-domains-with-millions-now-at-risk-heres-what-you-need-to-know


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)