Confiant researchers published a report detailing the operations of CashRewindo, a threat actor promoting investment scams through malvertising.
The actor tunes digital ads that appear on legitimate sites to redirect users to a fake landing page, which may eventually result in their funds being stolen through various means. The scammer is described as sophisticated because he customizes the ads according to the target audience.
Aged Domains and Malvertising
As per Confiant, a sophisticated threat actor named CashRewindo has been malvertising on legitimate sites to lure people into investing in fake options. Targeting people in Europe, Asia, Africa, and North and South America, the scammer is using customized language and currency to seem legitimate to the local audience.
Confiant researchers, who have tracked CashRewindo since 2018, said he uses aged domains in his campaign to avoid suspicion. This differs from the approach of current scammers, who use new domains to host their fake pages and rug pull when done.
Confiant detected 487 domains used by CashRewindo, some of them registered in 2008 and used for the first time in 2022. The ads are customized according to the viewer's time zone, device platform, and language to get a better click rate.
Users who click the ads but fall outside the target audience are shown a blank page. Those who fall within the target range are taken to a phishing page promoting a fake cryptocurrency platform that promises unrealistic profits.
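The aged-domain tactic described above gets past checks that only look for newly registered domains. The following is an added example, not taken from Confiant's report, that compares such a check with a dormancy check on constructed records; the field names, thresholds and `.example` domains are assumptions, and `first_seen` is assumed to come from the defender's own ad or DNS telemetry.

```python
from datetime import date

# Constructed sample records (not from the Confiant report): domain,
# registration date, and the date it was first observed serving a landing page.
SAMPLE = [
    {"domain": "old-dormant.example",
     "registered": date(2008, 3, 14), "first_seen": date(2022, 6, 2)},
    {"domain": "fresh-scam.example",
     "registered": date(2022, 5, 20), "first_seen": date(2022, 6, 1)},
    {"domain": "established-shop.example",
     "registered": date(2009, 1, 5), "first_seen": date(2009, 4, 18)},
]

def newly_registered(rec, max_age_days=30):
    """Common heuristic: the domain was young when it first appeared."""
    return (rec["first_seen"] - rec["registered"]).days <= max_age_days

def long_dormant(rec, min_dormant_years=5.0):
    """Assumed heuristic: registered long ago, first used much later."""
    gap_years = (rec["first_seen"] - rec["registered"]).days / 365.25
    return gap_years >= min_dormant_years

def triage(records):
    """Return {domain: [reasons]}; an empty list means neither check fired."""
    results = {}
    for rec in records:
        if rec["first_seen"] < rec["registered"]:
            # Bad WHOIS or telemetry data: fail loudly instead of mis-scoring.
            raise ValueError(f"first_seen precedes registration: {rec['domain']}")
        reasons = []
        if newly_registered(rec):
            reasons.append("newly_registered")
        if long_dormant(rec):
            reasons.append("long_dormant")
        results[rec["domain"]] = reasons
    return results

if __name__ == "__main__":
    for domain, reasons in triage(SAMPLE).items():
        print(domain, reasons or ["no_flag"])
```

The domain registered in 2008 and first seen in 2022 passes the age check but is caught by the dormancy check, while the long-established domain that was put to use soon after registration triggers neither.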
Over a 12-month period, Confiant recorded over 1.5 million CashRewindo ad impressions, primarily targeting Windows devices. Any investment option that guarantees a fixed return or unrealistic profits in the short term is likely a scam. So be aware of such rug-pull schemes and ignore them whenever you come across them.