VERY IMPORTANT

Researchers discovered a large-scale campaign called ApateWeb that uses over 130,000 domains to deliver scareware, potentially unwanted programs, and scam pages. The campaign has complex infrastructure with multiple layers of redirection between the entry point and final payload delivery. A group controls the entry point, tracking victims before forwarding traffic. They use evasive tactics like cloaking and wildcard DNS. Since August 2022 there has been increased activity, though it has been active throughout 2022-2024. Hundreds of sites involved rank in Tranco's top 1 million websites. Millions of monthly hits come from around the world. The campaign spreads via deceptive emails and JavaScript embedded on sites. Customers using Advanced URL Filtering and DNS Security are better protected.