
ERIAKOS (Scam Campaign) – Malware

February 1, 2025

ERIAKOS

Type of Campaign: Scam
Country of Origin: China
Date of initial activity: 2024
Motivation: Financial Gain, Data Theft
Attack Vectors: Phishing
Type of Information Stolen: Financial Information, Personally Identifiable Information (PII)

Overview

In a striking display of cybercriminal ingenuity, the “ERIAKOS” scam campaign has emerged as a significant threat to online commerce, targeting unsuspecting Facebook users through a network of fraudulent e-commerce websites. Discovered by Recorded Future’s Payment Fraud Intelligence team on April 17, 2024, this intricate operation has been linked to 608 malicious sites designed to impersonate legitimate brands. By leveraging advanced tactics such as brand impersonation and malvertising, the ERIAKOS campaign aims to extract sensitive personal and financial information from victims, creating a complex web of deception and fraud.

The campaign’s operational strategy is particularly noteworthy for its focus on mobile users, a demographic that is often less protected by traditional security measures. By limiting access to the fraudulent sites to mobile devices and employing ad lures on popular social media platforms like Facebook, the attackers have significantly reduced the likelihood of detection by automated security systems. This targeted approach underscores a growing trend in cybercrime where the lines between legitimate and fraudulent online activities become increasingly blurred.

Targets

Information

How they operate

At the core of the ERIAKOS campaign is the utilization of brand impersonation and malvertising. Attackers create scam websites that mimic recognizable brands, employing deceptive visuals and language to lure unsuspecting users. These websites are primarily accessible through mobile devices, a deliberate choice that significantly limits the effectiveness of automated detection systems. By focusing on mobile platforms, the campaign not only capitalizes on the rising trend of mobile commerce but also exploits the inherent security vulnerabilities often associated with mobile browsing.

One of the most striking features of the ERIAKOS campaign is its use of a Content Delivery Network (CDN), specifically the domain oss[.]eriakos[.]com. This CDN serves as the backbone of the fraudulent websites, enabling attackers to deliver content quickly and efficiently while obscuring their true origins. The reliance on a CDN complicates detection efforts, as it can mask the malicious nature of the hosted websites. Furthermore, all domains associated with the campaign were registered with Alibaba Cloud Computing Ltd., adding another layer of complexity to the investigation and takedown efforts.

In addition to the CDN, Recorded Future identified two specific IP addresses, 47[.]251[.]129[.]84 and 47[.]251[.]50[.]19, which were consistently used across the scam network. The ability to link multiple domains to these IP addresses is a critical step in mapping the full extent of the ERIAKOS operation. This network of interconnected domains, paired with the use of Chinese Payment Service Providers (PSPs) for transaction processing, illustrates a well-coordinated effort to facilitate financial fraud while complicating recovery efforts for victims.

Moreover, the ERIAKOS campaign exhibited notable domain misconfigurations, particularly between main domains and their “www” subdomains. These technical oversights can create opportunities for further exploitation and may serve as indicators for cybersecurity teams to identify potential threats. By analyzing these configurations, security experts can develop a clearer picture of the operational framework of the scam campaign and implement more effective mitigation strategies.

As the ERIAKOS campaign demonstrates, the evolving landscape of online fraud requires vigilance and adaptability from both consumers and financial institutions. The use of advanced screening techniques to evade detection signals a potential trend in scam tactics that could pose challenges for current cybersecurity technologies. Financial institutions are advised to monitor transaction data closely, blacklist suspicious merchant accounts, and educate consumers about the risks of engaging with unfamiliar websites.

In conclusion, the technical operations of the ERIAKOS scam campaign highlight the need for a comprehensive understanding of modern cyber threats. By recognizing the intricate tactics employed by cybercriminals, stakeholders can better prepare to defend against similar campaigns, fostering a safer online environment for all users. The implications of such fraud extend beyond individual victimization, affecting the broader ecosystem of online commerce and requiring collective action to combat these sophisticated threats.
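
The pivot described above (linking domains through the two shared IP addresses and the oss[.]eriakos[.]com CDN, then comparing apex and “www” answers) can be run over passive-DNS and crawl data. The following Python is an added example, not code from Recorded Future or CyberMaterial; the function names, the .example sample domains and the reading of “misconfiguration” as apex and “www” resolving differently are assumptions.

```python
from collections import defaultdict

# Indicators exactly as published on this page (kept defanged in source).
CAMPAIGN_IPS = ["47[.]251[.]129[.]84", "47[.]251[.]50[.]19"]
CAMPAIGN_CDN = "oss[.]eriakos[.]com"

def refang(value):
    """Turn a defanged indicator (a[.]b) into a matchable lowercase string."""
    return value.replace("[.]", ".").lower()

def apex_of(host):
    """Drop a leading 'www.' label (simplification: no public-suffix handling)."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def triage(dns_records, resource_loads):
    """dns_records: (hostname, ip) pairs; resource_loads: (hostname, resource_host)
    pairs. Returns {apex: {"reasons": set, "www_mismatch": bool}} for linked sites."""
    ips = {refang(i) for i in CAMPAIGN_IPS}
    cdn = refang(CAMPAIGN_CDN)
    by_host = defaultdict(set)
    for host, ip in dns_records:
        by_host[host.lower().rstrip(".")].add(ip)
    reasons = defaultdict(set)
    for host, addrs in by_host.items():
        if addrs & ips:
            reasons[apex_of(host)].add("shared-ip")
    for host, resource in resource_loads:
        if resource.lower().rstrip(".") == cdn:
            reasons[apex_of(host)].add("cdn-reference")
    findings = {}
    for apex, why in reasons.items():
        # Assumption: "misconfiguration" modelled as apex and www answering differently.
        mismatch = by_host.get(apex, set()) != by_host.get("www." + apex, set())
        findings[apex] = {"reasons": set(why), "www_mismatch": mismatch}
    return findings

# Constructed sample data: reserved .example names, documentation IP 203.0.113.10.
IP_A, IP_B = (refang(i) for i in CAMPAIGN_IPS)
SAMPLE_DNS = [
    ("brand-outlet.example", IP_A), ("www.brand-outlet.example", IP_A),
    ("mega-sale.example", IP_B), ("www.mega-sale.example", "203.0.113.10"),
    ("ordinary-shop.example", "203.0.113.10"),
]
SAMPLE_LOADS = [("deal-hub.example", refang(CAMPAIGN_CDN)),
                ("ordinary-shop.example", "cdn.ordinary-shop.example")]

if __name__ == "__main__":
    for apex, info in sorted(triage(SAMPLE_DNS, SAMPLE_LOADS).items()):
        print(apex, sorted(info["reasons"]), info["www_mismatch"])
```

A site with no DNS rows for either name reports no mismatch, so a cdn-reference hit should be followed by a resolution lookup before the flag is trusted.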
References:
  • “ERIAKOS” Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team
Tags: ERIAKOS, Facebook, Malvertising, Malware, Scams