News Security

Infoblox Exposes Savvy Seahorse

Savvy

Savvy Seahorse is a DNS threat actor who uses Facebook ads to lure users into fake investment platforms, where they steal their personal and financial information.

Infoblox reveals the details of Savvy Seahorse in a new threat intel report. Savvy Seahorse is a DNS threat actor that has been deceiving victims into depositing funds into fraudulent investment platforms, falsely attributed to renowned entities such as Tesla, Meta, or Imperial Oil. To achieve this they used a variety of advanced lure techniques, such as fake chatbots, Meta Pixel tracking, and multiple payment processing domains.

The threat intel report, titled “Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads”, demonstrates how Savvy Seahorse uses a previously unreported technique of abusing the Domain Name System to distribute traffic for their scam campaigns and avoid detection. It provides a comprehensive analysis of Savvy Seahorse’s operations (that date back as early as August 2021), infrastructure, and techniques, as well as indicators of activity to help security professionals and organizations detect and block this threat actor.

Imagine you’re scrolling through Facebook and you see an ad for a new investment platform promising high returns. This is like seeing a sign for a new bank in town offering a great interest rate. You click on the ad and it takes you to a website that looks professional and trustworthy, just like walking into a sleek, modern bank branch.

This is where Savvy Seahorse comes in. They’re the ones who put up that ad and created that website. But unlike a legitimate bank, they’re not interested in helping you grow your money. They’re interested in stealing it.

Here’s how they do it:

  • Fake Investment Platforms: Just like a fake bank might try to get you to deposit your money with them, Savvy Seahorse lures users into fake investment platforms. These platforms might look real, but they’re just a front for their scam.
  • Personal Information: Once you’re on their platform, they’ll ask for your personal and financial information. It’s like a fake bank asking for your Social Security number and bank account details.
  • Changing Tactics: Savvy Seahorse is sneaky. They change their IP addresses (like changing their physical location) and create multiple subdomains (like opening up multiple fake bank branches) to avoid getting caught.

Related posts

Tenable Security Center Adds Powered Features

Enterprise IT World MEA

What is the Status of Quantum-safe Digital Signatures?

Enterprise IT World MEA

Hackers Stole US$2.2 Billion in Crypto Through 2024, Chainalysis Research

Enterprise IT World MEA

Leave a Comment