BrianKrebs on Nostr: Wired has a good story about research from Zach Edwards about a huge scam targeting ...
Wired has a good story about research from Zach Edwards about a huge scam targeting kids with Roblox and Fortnite "offers" that has been "hiding in plain sight for years." The story concerns CPABuild, which is an affiliate program that is very much like the "circle jerk" porn sites of old, only instead of dangling porn they're dangling offers you will never be able to collect, even as they collect all kinds of info about you.
https://www.wired.com/story/poison-pdf-scam-fortnite-roblox/CPAbuild has been around for some time, and probably deserves more attention. In the meantime, it appears CPAbuild comes w/ default Google Analytics codes built in.
This one, e.g., is currently in the HTML source code of than 5,000 newly registered websites, according to
https://dnslytics.com/reverse-analytics: UA-85922709.
Published at
2023-08-15 14:55:23Event JSON
{
"id": "2fc043b524689719e7fd542086c0ac59427b44661c465b9ba062a7a5e3ef3965",
"pubkey": "1a5ac5b37984c5e37a11bc914029a81f025326ea7950c9475d9a3f21a494cb56",
"created_at": 1692111323,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/briankrebs/statuses/110894207702958774",
"activitypub"
]
],
"content": "Wired has a good story about research from Zach Edwards about a huge scam targeting kids with Roblox and Fortnite \"offers\" that has been \"hiding in plain sight for years.\" The story concerns CPABuild, which is an affiliate program that is very much like the \"circle jerk\" porn sites of old, only instead of dangling porn they're dangling offers you will never be able to collect, even as they collect all kinds of info about you.\n\nhttps://www.wired.com/story/poison-pdf-scam-fortnite-roblox/\n\nCPAbuild has been around for some time, and probably deserves more attention. In the meantime, it appears CPAbuild comes w/ default Google Analytics codes built in. \n\nThis one, e.g., is currently in the HTML source code of than 5,000 newly registered websites, according to https://dnslytics.com/reverse-analytics: UA-85922709.\n\nhttps://media.infosec.exchange/infosecmediaeu/media_attachments/files/110/894/200/250/185/432/original/e560ea2d9b4c6e8b.png",
"sig": "f1c4a51abae513f829ffb1c60d557a929ed7a221e10ba7c7c00147730fac8df746a68a83a2c014c4ee48a2267b1ec7f5c0c5d1cf30f352004171cee20e086cb3"
}