The report analyzes a second cluster of over 1,100 domains linked to Chinese malware delivery, focusing on user data collection and malware dissemination. It distinguishes between two clusters: the first primarily delivered malware with minimal obfuscation, while the second used sophisticated JavaScript and various analytics to gather user data. The spoofed websites mimicked popular applications and shared similar domain registration details.
Key findings include the collection of user data such as IP addresses and browser information, and the use of fake login dashboards that deliver malware. The report also lists a range of identified malicious domains and emphasizes the need for proactive monitoring of these tactics, since they may adapt to target broader demographics.
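Two of the summary's observations lend themselves to a defender's triage check: the spoofed sites imitate well-known application names, and the domains in a cluster share registration details. The following is an added example (not code from the report or its authors) that groups constructed WHOIS-style records by their shared registration fields and flags lookalike labels against a brand watchlist. The field names, the brand list, the similarity threshold and every record are assumptions made for illustration, not values from the page.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample records imitating WHOIS/RDAP output. The domains, e-mail
# addresses, registrars and name servers are invented for this example.
SAMPLE_RECORDS = [
    {"domain": "telegrarn-download.example", "registrant_email": "reg-a@mail.example",
     "registrar": "Registrar-A", "nameserver": "ns1.host.example"},
    {"domain": "whatsap-app.example", "registrant_email": "reg-a@mail.example",
     "registrar": "Registrar-A", "nameserver": "ns1.host.example"},
    {"domain": "chrome-update-portal.example", "registrant_email": "reg-a@mail.example",
     "registrar": "Registrar-A", "nameserver": "ns1.host.example"},
    {"domain": "weatherwidget.example", "registrant_email": "reg-b@mail.example",
     "registrar": "Registrar-B", "nameserver": "ns2.host.example"},
]

# Assumed watchlist of application names an organisation cares about.
BRAND_WATCHLIST = ["telegram", "whatsapp", "chrome"]


def registration_key(record):
    """Fields that, when shared across domains, suggest one registration campaign."""
    return (record["registrant_email"], record["registrar"], record["nameserver"])


def cluster_by_registration(records):
    """Group domains whose registration fields are identical.

    Returns {registration_key: sorted list of domains}.
    """
    clusters = defaultdict(list)
    for record in records:
        clusters[registration_key(record)].append(record["domain"])
    return {key: sorted(domains) for key, domains in clusters.items()}


def lookalike_brand(domain, brands, threshold=0.75):
    """Return the watchlist brand the domain's second-level label resembles, else None.

    The label is split on hyphens so that 'chrome-update-portal' is compared
    token by token; the threshold is an assumed tuning value.
    """
    second_level = domain.split(".")[0]
    best_brand, best_score = None, 0.0
    for token in second_level.split("-"):
        for brand in brands:
            score = SequenceMatcher(None, token, brand).ratio()
            if score > best_score:
                best_brand, best_score = brand, score
    return best_brand if best_score >= threshold else None


def suspicious_clusters(records, brands, min_size=2):
    """Clusters of at least min_size domains that contain a brand lookalike.

    Returns a list of (domains, {domain: imitated_brand}) tuples, one per cluster.
    """
    findings = []
    for domains in cluster_by_registration(records).values():
        if len(domains) < min_size:
            continue
        hits = {d: lookalike_brand(d, brands) for d in domains}
        hits = {d: b for d, b in hits.items() if b is not None}
        if hits:
            findings.append((domains, hits))
    return findings


if __name__ == "__main__":
    for domains, hits in suspicious_clusters(SAMPLE_RECORDS, BRAND_WATCHLIST):
        print("cluster:", ", ".join(domains))
        for domain, brand in hits.items():
            print(f"  {domain} resembles {brand}")
```

Feeding this real registration data (where the registry or RDAP service exposes it) turns a long domain list into a handful of registration clusters to review, and the lookalike check surfaces the brand each cluster is imitating. Exact-match keys are deliberately conservative; a looser key (registrar plus name-server only) widens recall at the cost of false groupings.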