Chinese Framework Behind 200,000 Scam Sites: Cybersecurity Threat Unveiled


Infoblox report reveals Uni-App’s role in over 200,000 investment fraud websites, highlighting its misuse by threat actors for scams.

Uni-App: A Framework for Cross-Platform Development

Uni-App is a Chinese open-source framework, maintained by the company DCloud, for cross-platform application development. Developers write Vue.js code once and build it as native mobile apps, desktop applications, mini-programs, or mobile-optimized websites. It is widely used for legitimate purposes in China and backed by a large developer community, but its adoption by malicious actors has raised concerns.

Infoblox’s Findings on Fraudulent Activity

Infoblox’s analysis identified Uni-App as the foundation of over 200,000 investment fraud websites. Threat actors build pre-packaged investment-scam templates on the framework, and many of the resulting websites show coordinated behavior. The firm noted technical connections between domains, including synchronized rises and dips in new domain registrations across scam sites hosted on different providers. Because sites on unrelated hosting providers would not normally surge and stall in step, these patterns suggest that a single entity controls the templates and that the fluctuations reflect that entity’s own operational disruptions or coordinated updates.

Scam Infrastructure and Scale

The investigation uncovered more than 236,000 second-level domains associated with the scam infrastructure. These domains span fake cryptocurrency exchanges, gambling platforms, brand impersonation sites, phishing pages, and multi-language “pig-butchering” operations. One notable example is RainbowEx, a cryptocurrency platform that gained international attention after deceiving residents of an Argentine town into investing millions.

Surge in Scam Sites Post-Scandal

The domains, hosted across multiple providers, began appearing in mid-2022, with a significant surge observed after October 2024 following the RainbowEx scandal. At its peak, the number of newly detected scam sites reached approximately 15,000 per month.
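The two observations above, a monthly peak in new registrations and registration activity that moves in step across hosting providers, can both be checked from a list of domain records. The following Python is an added example and not code from Infoblox or from the report; the provider names, domain names and per-month counts are constructed for illustration and are not figures from the report.

```python
from collections import defaultdict
from datetime import date
from itertools import combinations
from math import sqrt

# Constructed month-by-provider counts of newly registered scam domains.
# Illustrative only; these are not figures from the Infoblox report.
CONSTRUCTED_COUNTS = {
    "provider-a": {"2024-08": 2, "2024-09": 3, "2024-10": 8, "2024-11": 12, "2024-12": 7},
    "provider-b": {"2024-08": 1, "2024-09": 2, "2024-10": 6, "2024-11": 9, "2024-12": 5},
    "provider-c": {"2024-08": 4, "2024-09": 4, "2024-10": 3, "2024-11": 5, "2024-12": 4},
}


def build_records(counts):
    """Expand the count table into (domain, registration_date, provider) records.

    Domain names are synthetic placeholders; a real pipeline would take these
    records from WHOIS/RDAP or passive-DNS first-seen data.
    """
    records = []
    n = 0
    for provider, months in counts.items():
        for month, count in months.items():
            year, mon = (int(part) for part in month.split("-"))
            for _ in range(count):
                n += 1
                records.append((f"site{n}.example", date(year, mon, 1), provider))
    return records


def monthly_counts(records):
    """Return {provider: {YYYY-MM: number of new domains}}."""
    series = defaultdict(lambda: defaultdict(int))
    for _domain, registered, provider in records:
        series[provider][registered.strftime("%Y-%m")] += 1
    return series


def peak_month(records):
    """Return (month, total) for the month with the most new domains overall."""
    totals = defaultdict(int)
    for _domain, registered, _provider in records:
        totals[registered.strftime("%Y-%m")] += 1
    # Tie-break on the month string so the result is deterministic.
    month = max(totals, key=lambda m: (totals[m], m))
    return month, totals[month]


def pearson(xs, ys):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    n = len(xs)
    mean_x, mean_y = sum(xs) / n, sum(ys) / n
    cov = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    var_x = sum((x - mean_x) ** 2 for x in xs)
    var_y = sum((y - mean_y) ** 2 for y in ys)
    if var_x == 0 or var_y == 0:
        return 0.0  # a flat series shows no co-movement to measure
    return cov / sqrt(var_x * var_y)


def provider_correlations(records):
    """Pairwise correlation of monthly registration series between providers.

    Every provider is evaluated over the same month range, with months in
    which it registered nothing counted as zero.
    """
    series = monthly_counts(records)
    months = sorted({m for per_month in series.values() for m in per_month})
    result = {}
    for a, b in combinations(sorted(series), 2):
        xs = [series[a].get(m, 0) for m in months]
        ys = [series[b].get(m, 0) for m in months]
        result[(a, b)] = pearson(xs, ys)
    return result


def coordinated_providers(records, threshold=0.8):
    """Provider pairs whose registration volumes rise and fall together."""
    return sorted(
        pair for pair, r in provider_correlations(records).items() if r >= threshold
    )


if __name__ == "__main__":
    recs = build_records(CONSTRUCTED_COUNTS)
    print("peak month:", peak_month(recs))
    for pair, r in provider_correlations(recs).items():
        print(pair, round(r, 3))
    print("coordinated:", coordinated_providers(recs))
```

On the constructed data, provider-a and provider-b move together almost perfectly while provider-c is flat, so only the first pair is flagged. Five monthly points are thin evidence on their own; in practice the timing signal is combined with shared registrars, nameservers, certificates or page fingerprints before concluding that one entity is behind the sites.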

High-Profile Scams and Framework Adoption

Infoblox highlighted that the majority of sites carrying the DCloud (Uni-App) fingerprint are investment scams run by independent actors, potentially numbering in the dozens or hundreds. These include fake cryptocurrency exchanges, “deposit-and-trade” platforms, crypto wallet drainers, prediction-market impersonators, and phishing sites targeting messaging applications.

Case Studies: Lightning Shared Scooter Co. and Yuechi Sharing Technology Ltd.

The framework’s adoption by high-profile scams such as Lightning Shared Scooter Co. (LSSC), which caused millions of dollars in losses in the U.S., underscores its appeal to fraudsters. LSSC used physical storefronts to build credibility while promising unrealistic returns from a purported scooter-sharing venture. A similar operation, Yuechi Sharing Technology Ltd. (YST), remains active in Australia, New Zealand, and the U.S., using Uni-App for its frontend. While YST holds valid company registration documents, it is connected to a network of investment-scam websites.

Implications and Cybersecurity Recommendations

Infoblox emphasized the need for comprehensive tracking of threat actors in this ecosystem to identify shared ownership patterns. The firm noted a two-year escalation in scam websites utilizing the DCloud framework, with operators deploying increasingly sophisticated real-world schemes to exploit victims. The report highlights the framework’s growing prominence in the fraud landscape, driven by media coverage and its ease of deployment.

Cybersecurity experts urge heightened monitoring of such platforms to mitigate their misuse in financial deception campaigns.
