Infoblox’s latest research exposes two advanced scam actors using RDGAs to evade detection and exploit global victims.
Investment scams cost U.S. consumers a staggering $5.7 billion in 2024, according to new research from Infoblox Threat Intel. Behind this growing menace are two sophisticated cybercriminal networks: Reckless Rabbit and Ruthless Rabbit, both leveraging Registered Domain Generation Algorithms (RDGAs) to scale and conceal their fraudulent campaigns.
Reckless Rabbit uses Facebook ads featuring fake celebrity endorsements to promote sham investment platforms. By deploying thousands of domains with wildcard DNS responses, it becomes difficult for defenders to isolate which subdomains are malicious. Their reach is global, with localized content tailored to regional targets.
“The weaponization of trust and chaos is what makes today’s investment scams so effective—and so dangerous.”
Ruthless Rabbit, on the other hand, operates its own cloaking service to validate traffic, filtering out security researchers and bots. This actor impersonates news websites and global brands like WhatsApp and Meta, using dynamic URL paths to evade detection and keep scam infrastructure fluid.
“The success of these scams lies in exploiting chaos and trust,” Infoblox analysts note. Cybercriminals prey on financial anxiety and use familiar interfaces and brands to manipulate victims into handing over sensitive data or money.
Infoblox highlights the critical role of DNS-level security in detecting and blocking such threats. With RDGAs enabling adversaries to register thousands of domains at speed, automated detection and Protective DNS services become essential defenses.
For users, caution is the first line of defense. “If it looks too good to be true, especially with celebrity endorsements—question it, and verify the domain,” warns the report.
Infoblox continues to monitor and name such RDGA-based actors—dubbed “rabbits”—as they rapidly evolve.
