A report by Infoblox indicates that over 200,000 websites are utilizing investment scam templates developed with the Chinese framework Uni-App. Although Uni-App is a legitimate cross-platform development toolkit, it is being exploited by threat actors to create a range of fraudulent sites, particularly in the investment sector, including fake cryptocurrency exchanges and gambling sites.
Infoblox has mapped out more than 236,000 domains linked to these scams, with the activity increasing notably since mid-2022, particularly following the RainbowEx scandal. These scams are run by multiple operators, indicating a vast and organized network of fraudulent activities. The report underscores the need for heightened monitoring and analysis of these threat actors and their interconnected operations.