BforeAI Has New Threat Research About Threat Actors Targeting Bybit Users Following Breach

BforeAI has published its latest malicious-infrastructure report, this one on opportunists exploiting the Bybit breach. In the three weeks following the breach announcement, BforeAI's threat research team collected 596 suspicious domains registered from at least 13 countries.
The domains reveal a range of methods for siphoning cryptocurrency assets from Bybit users. Of the roughly 600 suspicious domains, 119 (20%) were confirmed by BforeAI as malicious.
The team documented numerous websites designed to resemble Bybit funds-recovery pages. The sites lean on the phrase "unauthorized activities" to manufacture urgency around the recent incident and fear of financial loss, pressuring victims to act immediately without checking the source.
The researchers also noted an automated strategy for rapid domain deployment: ordered "-a", "-b", "-c", "-d", "-e" and "-f" suffixes appended to a base domain, producing a series of near-identical phishing domains that keep a consistent naming convention to appear legitimate while giving the operators spare infrastructure when one is taken down.
While most domains containing the Bybit name were detected and mitigated, researchers observed a newer evasion tactic: truncated domains using "bb" in place of the brand name, which slipped past keyword-based detection and allowed those phishing campaigns to remain active.
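The two naming patterns above (lettered suffix series and the truncated "bb" token) lend themselves to simple triage over a feed of newly registered domains. The following is an added example written for this post, not code from BforeAI or from the report; the domain names are constructed for illustration, and the lure keyword list, the "bb" token and the minimum run length of three consecutive letters are assumptions, not figures from the report.

```python
import re
from collections import defaultdict

# Constructed sample feed (not from the BforeAI report): benign hostnames mixed
# with names shaped like the two patterns described in the post.
SAMPLE_DOMAINS = [
    "bybit-recovery-a.example",
    "bybit-recovery-b.example",
    "bybit-recovery-c.example",
    "bybit-recovery-d.example",
    "bybit-recovery-e.example",
    "bybit-recovery-f.example",
    "bybit-support-a.example",      # a lone "-a": not a series on its own
    "bb-recovery-claim.example",    # truncated brand as its own token
    "bbrecover.example",            # truncated brand glued to a lure word
    "secure-bb-refund.example",
    "bybit.com",
    "babble.example",               # contains "bb" inside an ordinary word
    "weather-report.example",
]

BRAND = "bybit"
TRUNCATED = "bb"                      # assumed truncated form of the brand
# Assumed lure vocabulary seen on recovery-themed phishing pages.
LURE_WORDS = ("recover", "refund", "claim", "support", "unauthorized", "wallet")
SUFFIX_RE = re.compile(r"^(?P<base>.+)-(?P<suffix>[a-z])$")
TOKEN_RE = re.compile(r"[a-z0-9]+")


def registrable_label(domain):
    """Return the label left of the TLD. Naive: strips only the last label,
    which is enough for the single-level sample TLDs used here."""
    return domain.lower().rstrip(".").rsplit(".", 1)[0]


def longest_consecutive_run(letters):
    """Length of the longest run of alphabetically adjacent letters in a
    sorted list, e.g. ['a','b','c','f'] -> 3."""
    best = cur = 1 if letters else 0
    for prev, nxt in zip(letters, letters[1:]):
        cur = cur + 1 if ord(nxt) - ord(prev) == 1 else 1
        best = max(best, cur)
    return best


def find_suffix_series(domains, min_run=3):
    """Group domains whose label ends in '-<letter>' by base label and return
    {base: letters} for bases with at least `min_run` consecutive letters."""
    groups = defaultdict(set)
    for d in domains:
        m = SUFFIX_RE.match(registrable_label(d))
        if m:
            groups[m["base"]].add(m["suffix"])
    return {
        base: "".join(sorted(letters))
        for base, letters in groups.items()
        if longest_consecutive_run(sorted(letters)) >= min_run
    }


def flag_truncated_brand(domains):
    """Return domains that avoid the full brand name but carry the truncated
    token, either standing alone ('bb-refund') or fused to a lure word
    ('bbrecover'). Words that merely contain 'bb' ('babble') are ignored."""
    hits = []
    for d in domains:
        label = registrable_label(d)
        if BRAND in label:
            continue  # full brand present: a plain keyword rule already fires
        for tok in TOKEN_RE.findall(label):
            fused = tok.startswith(TRUNCATED) and any(
                tok[len(TRUNCATED):].startswith(w) for w in LURE_WORDS)
            if tok == TRUNCATED or fused:
                hits.append(d)
                break
    return hits


if __name__ == "__main__":
    for base, letters in find_suffix_series(SAMPLE_DOMAINS).items():
        print(f"suffix series: {base}-[{letters}]")
    for d in flag_truncated_brand(SAMPLE_DOMAINS):
        print(f"truncated brand: {d}")
```

The series check is deliberately run on the base label rather than on the brand keyword, so it also surfaces lettered batches that never mention the brand at all; the truncated-token check is the complement, catching names that keyword matching on "bybit" misses. Both are coarse triage rules and should feed a review queue, not an automatic block list.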
You can read the report here.
This entry was posted on April 3, 2025 at 8:09 am and is filed under Commentary with tags BforeAI.