Sudan4tech | Bitcoin blockchain cryptocurrency and Cybersecurity news

JPMorgan Opens Bitcoin Fund to Wealthy Clients

JPMorgan Opens Bitcoin Fund to Wealthy Clients

JPMorgan Chase has partnered with the Bitcoin-focused institutional-grade platform New York Digital Investment Group to offer the passively managed Bitcoin fund in-house, CoinDesk reports citing two sources close to the matter.

Advisers at the bank were prepared for the offering in a launch call just yesterday, according to CoinDesk, who also reported that the fund will be “presented to clients as the safest and cheapest bitcoin investment vehicle available on the private markets.”

A source told CoinDesk that the fund would be easily convertible to an ETF once that product has set a precedent of approval by the SEC. The fund hasn’t secured any clients’ investments yet.

Note that NYDIG, the partners of JPMorgan in offering this fund, have already filed for a Bitcoin ETF, following many other firms, such as Invesco, who filed just today.

US Government Has Seized Cryptocurrencies Worth $1.2 Billion So Far This Year – Regulation Bitcoin News

The U.S. government has seized cryptocurrencies worth $1.2 billion so far this year, according to an Internal Revenue Service director. This is a significant increase from $137 million in crypto seized the previous year.

$1.2 Billion in Cryptocurrencies Seized

Jarod Koopman, director of cybercrime at the Internal Revenue Service (IRS), shared some information on cryptocurrencies seized by the government with CNBC Wednesday. His division typically handles crypto tracing and open source intelligence, which includes investigating tax evasion, filing false returns, and money laundering.

He noted that the seizure of cryptocurrencies is usually a group effort involving agencies such as the Federal Bureau of Investigation (FBI), Homeland Securities Investigations, the Secret Service, and the Drug Enforcement Agency (DEA).

“We all come together when it’s time to execute any type of enforcement action, whether that’s an arrest, a seizure, or a search warrant. And that could be nationally or globally,” Koopman explained. The director then revealed how much cryptocurrency has been seized this year compared to the previous two fiscal years, which run through Sept. 30. He detailed:

In fiscal year 2019, we had about $700,000 worth of crypto seizures. In 2020, it was up to $137 million. And so far in 2021, we’re at $1.2 billion.

Multiple agents are involved during the actual seizure to ensure proper oversight, Koopman detailed. “We maintain private keys only in headquarters so that it can’t be tampered with.” Once a case is closed, the U.S. Marshals Service (USMS) auctions off the seized cryptocurrencies. To date, the USMS has auctioned more than 185,000 BTC.

Last week, the Department of Justice (DOJ) hired crypto custodian firm Anchorage Digital to be its custodian for the cryptocurrency seized or forfeited in criminal cases.

Koopman explained that the auctioning process — in blocks, at fair market value — is unlikely to change. Noting that the government is not trying to time the market to get the best prices, he said:

You basically get in line to auction it off. We don’t ever want to flood the market with a tremendous amount, which then could have an effect on the pricing component.

What do you think about the U.S. government seizing $1.2 billion in cryptocurrency? Let us know in the comments section below.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

A Gem Within a Crowded Space

The cryptocurrency industry is expanding at a fast pace. Hundreds upon hundreds of projects are being launched on a daily basis, promising to become the next big thing. While some of these startups make strides to expand the utility of their networks, others are trying to gain some visibility in such a crowded market.

It has become very easy for market participants to be carried away by tokens that, without any intrinsic value, manage to increase in price rapidly. Pump and dumps have become the norm, inadvertently stealing the spotlight of some of the most innovative cryptocurrency projects in the space. But just as it happened during the bear market of 2018, only the fundamentally strong will be able to weather any storm.

One of those cryptocurrencies that sets itself apart from the pack is CluCoin. Indeed, CluCoin is more than just a cryptocurrency. It is a community!

Led by popular Twitch streamer DNP3, CluCoin has taken a whole different approach never seen before in the cryptocurrency industry. The distributed ledger startup rewards token holders and contributes to charity on every transaction within its network. As a matter of fact, 10% of each transaction is taxed, with 5% going to the liquidity pool and another 5% being redistributed back to all CLU holders.

CluCoin’s mission is to enrich and empower its vibrant community or as DNP3 calls it, the CLUmmunity, to help them reach their goals and thrive.

“Our goal is to improve all of our community members’ lives while also making the world a better place through charitable donations. We donate all money that is earned from our charity wallet reflections to a charity of the CluCoin Community’s choice,” said DNP3.

The community-oriented crypto startup has donated $125,000 to the Save the Children Organization, but that is not all. It has filed a 501(c)(3) application for a non-profit organization dubbed CLUnited. The new initiative would be a separate 100% charitable entity that will work together with CluCoin to provide tax-deductible donations and alleviate suffering worldwide.

The team of developers, academics, and industry experts building on the CLU thesis are also dedicated to creating online spaces for members to socialize, build virtual worlds, and play free games together while earning prizes. CLU has established a system for play-to-earn gaming that lowers the barriers of access for CLUmmunity members. Any token holder can join and earn cryptocurrencies and NFTs while playing some of the most popular blockchain games.

More recently, CluCoin invested in the popular play-to-earn NFT game Axie Infinity to launch a scholarship program. The idea behind the CLU Scholarships are to allow those with fewer resources to participate and earn in online games where they would typically not be able to. The CluCoin Axie Infinity Scholarship Program has given out more than 100 scholarships thus far, enabling players to earn extra income while providing the assistance and guidance they need to succeed.

As the CLUmmunity grows stronger through CluCoin’s community-oriented incentivization model, the team behind this project has dedicated countless hours of work to expand CLU’s utility and enable access to a broader audience. Cryptocurrency enthusiasts can now buy CLU directly on the project’s website using the “Swap” feature. Moreover, CluCoin implemented the world’s first Quest NFT system, where users can complete tasks to earn exclusive rewards and NFTs for free!

The hyper-deflationary, auto-generating liquidity protocol with intelligent static farming has already set a strong foothold in the cryptocurrency market despite launching in early May. With over 70,000 CLU holders worldwide, CluCoin is one of the most valuable gems born in 2021 with limitless potential.

Bitcoin SV Sees 51% Attack

The below is from a recent edition of the Deep Dive, Bitcoin Magazine‘s premium markets newsletter. To be among the first to receive these insights and other on-chain bitcoin market analysis straight to your inbox, subscribe now.

The altcoin Bitcoin SV was 51% attacked earlier this week, and thus arose an opportunity to highlight the importance of the security model for “decentralized” blockchains. This tweet thread from Lucas Nuzzi does a great job of explaining what occurred.

The notions that bitcoin is “too slow” or that it doesn’t have “enough transactions per second” to be global money that many proponents of altcoins have championed over the years are based on incorrect assumptions and understanding of how blockchains work and what they fundamentally solve.

NFTs With Augmented Reality and Virtual Reality – Sponsored Bitcoin News

OVR is collaborating with BlackPool to add augmented reality (AR) and virtual reality (VR) to its ERC-721 NFTs at OVRLands.

According to reports, the popular digital world of Non-Fungible Token OVRLands, would now have the ability to offer new experiences that give room for every kind of imagination.

Thanks to the entry of BlackPool, a decentralized autonomous organization (DAO) built exclusively for NFT gaming and trading, now augmented and virtual reality will add experiences to the NFT world.

OVRLands are ERC-721 NFTs representing one of the 1.6 trillion unique hexagons in this digital world played by OVR. Owners can create their own virtual worlds on these virtual lands, adding content like on web pages, which can be viewed on the OVR app (available on both Android and iOS).

With BlackPool entering the OVR metaverse, it is also revealed that the DAO would have also acquired OVRLands’ NFT Eiffel Tower. On May 3, the 60-OVRLands package defined as NFT Eiffel Tower from AKA Cambebert was sold on OpenSea for 38.6 ETH (the equivalent of $106,960).

Here’s how BlackPool comments on its participation:

“We at BlackPool, must and will stand by such a visionary project with a true degen soul and unwavering ambition. We shall now join them in their quest and build the most exciting experiences at the Eiffel Tower, showcasing BlackPool’s ambitions and vision and generating value to The Troop. […] Be there on the day when you will be able to skydive off the top of the tower, slackline over Paris or attend the most degen party at the Champs de Mars… and much more as we can create infinite types of interaction logic within the OVR metaverse”.

OVR and BlackPool: NFTs and the DAO structure

Another association resulting from this OVR and BlackPool collaboration is the entry of a DAO structure that collaborates with the digital layer of the OVRLands NFTs.

As defined by BlackPool itself, its DAO structure seems to be compared to a quantitative NFT hedge fund, governed by smart contracts and controlled by humans.

In essence, BlackPool’s DAO allows people to contribute in ETH and use these to invest in NFT assets across many vertical sectors, with the aim of generating value for xBPT holders.

BPT would be BlackPool’s ERC-20 governance token that provides decentralization over decisions regarding the platform. On the other hand, xBPT would be the staked value of BPT, i.e. the counter value of what is obtained by staking BPT.

So, while BlackPool will be raising the bar for NFT OVRLands, OVR is proceeding to expand into the world of augmented and virtual reality on its own.

In fact, early last July, OVR revealed that it had updated its augmented reality chat app. The new face-to-face AR chats allow users to talk to friends within the OVR app using avatars to interact.

This is a sponsored post. Learn how to reach our audience here. Read disclaimer below.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Cryptocurrency Swap Not Banned in Iran, President’s Legal Team Says – Regulation Bitcoin News

Current regulations do not prohibit the swapping of digital currencies, according to the Iranian Vice Presidency for Legal Affairs. The department has stated its position in correspondence with an ICT industry association which wanted to know what rules apply to cryptocurrency exchange, local media reported.

Converting a Cryptocurrency Into Another Is Not Against Iranian Law

Regulations approved by the Tehran government in 2019 do not ban the swapping of cryptocurrencies, the Vice Presidency for Legal Affairs said in response to an inquiry by the Iranian Information and Communication Technology Guild. According to a report by the English-language business daily Financial Tribune, the association has asked for clarification on the applicable crypto rules.

In a letter to the ICT Guild, the legal department under the office of the Iranian president noted that the law states that cryptocurrency cannot be used for payments inside the country. It pointed out that the current rules are in accord with the country’s monetary and banking legislation and concluded:

Converting one cryptocurrency into another digital currency is not illegal.

The legal experts also emphasized that banks and moneychangers in the Islamic republic are allowed to use cryptocurrency minted by licensed miners inside Iran to pay for imports. Although Iranian authorities have tried to curb crypto-fiat trading, domestic banks and exchangers were authorized by the Central Bank of Iran (CBI) to work with locally mined cryptocurrency. The move can help Iranian businesses in their efforts to circumvent U.S.-led sanctions.

Two years ago, Iran recognized cryptocurrency mining as a legal industrial activity and authorized dozens of entities to extract digital currencies using the country’s cheap energy. However, the extraordinarily hot summer this year raised power demand and mining was partially blamed for electricity shortages and blackouts across the country. The government went after illegal miners and said it would shut down even licensed enterprises during hours of peak consumption.

Calls to properly regulate the crypto industry amid rising popularity of digital currencies have been mounting and in early July, lawmakers proposed legislation designed to put the sector in order. While the draft law effectively bans cryptocurrency payments in the Islamic Republic, it aims to support mining and regulate the crypto exchange market. In June, then-president Hassan Rouhani insisted the government should implement the “necessary laws and instructions” as soon as possible.

On June 18, Iranians elected Ebrahim Raisi as their new president and he assumed office on Aug. 3. In the Islamic Republic, the president serves as the head of government and the incumbent can appoint vice presidents to head departments and organizations involved in the exercise of presidential powers. Under Rouhani, Iran had a dozen vice presidents, including one responsible for legal affairs, Laya Joneydi.

Do you think the Iranian government will eventually permit crypto-fiat exchange in the country? Share your thoughts on the subject in the comments section below.

Tags in this story
association, clarification, Coins, crypto exchange, Ebrahim Raisi, Election, Hassan Rouhani, ICT Guild, industry association, inquiry, Iran, Iranian, Legislation, Organization, Position, Presidency, President, Regulations, response, rules, swap, Swapping, trading, vice presidency, vice president

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

$364 Billion Investment Manager Invesco Files For Bitcoin ETF

Independent investment firm Invesco, which currently operates 233 ETFs in the U.S., quietly applied for a Bitcoin ETF on Thursday.

The filing for a Bitcoin Strategy ETF falls under the 40 Act, a notable move that follows public recommendations by SEC Chairman Gary Gensler. Gensler spoke of the potential paths to a Bitcoin ETF earlier this week, at the time stating that he believes the act “provides significant investor protections” and that it will be used to evaluate applications.

Invesco is the first firm to file after the preferences expressed by Gensler. Eric Balchunas, senior ETF analyst for Bloomberg noted on Twitter that it was a “rare 6am filing = rushed it out. Won’t be surprised if we see 5-10 of these by Friday night.”

FBI Joins Probe Into Collapsed South African Bitcoin Ponzi Scheme – Regulation Bitcoin News

In what is seen as a boost for Mirror Trading International (MTI) investors, United States investigators are said to have joined the probe into the collapsed bitcoin scheme. According to a report, the U.S. investigators’ goal for joining this probe is to help “recover the assets of out-of-pocket investors.”

FBI Interest

Confirmation of the U.S. Federal Bureau of Investigation’s involvement in the MTI case comes just a few days after reports emerged that the scheme’s masterminds had filed an application seeking to stall the liquidation process. As reported by News, the application also opposes attempts to declare MTI — which has been labeled the biggest bitcoin scam — an illegal business.

Despite this attempt and other attempts to halt proceedings against MTI, the Bloomberg report suggests the U.S. law enforcement agency is already engaging MTI liquidators. The report explains:

[Liquidators] had meetings with international law enforcement agencies like the Federal Bureau of Investigation [FBI], after being approached by them. The FBI is joining forces with the liquidators of Mirror Trading International in the interest of several US and local investors.

While a majority of MTI investors are believed to be based in South Africa, a significant number of the company’s 260,000 investors are also thought to be based outside the country. In fact, as past actions by American regulators already indicate, some of these investors are based in the U.S and this helps to explain the FBI’s interest in the case.

Liquidators Dismiss Claims by the Markses

In the meantime, the Bloomberg report also quotes MTI liquidators responding to claims by Cheri and Cylnton Marks that declaring MTI an illegal business will be detrimental to the interests of investors. The liquidators explained:

It is not correct that having the business model of MTI declared a fraudulent and illegal scheme would allow the liquidators to seize all of the money that flowed into the scheme. Liquidators will only be entitled to recover payments made to investors which were not legally owed to them.

According to liquidators, funds recovered will only be “spent reimbursing MTI’s true victims.”

Do you think the involvement of the FBI will increase the chances of funds being recovered? Tell us what you think in the comments section below.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Salesforce Release Updates — A Cautionary Tale for Security Teams

On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform’s capabilities.

For example, few people talk about managing the security aspects of Salesforce Release Updates. By understanding what Release Updates are, why they pose a security risk, and how security teams can mitigate risk, Salesforce customers can better protect sensitive information.

How to ensure the right configurations for your Salesforce security

What are Salesforce Release Updates?

Since Salesforce does not automatically update its platform, it does not follow the traditional SaaS model. For example, most SaaS platforms have two types of releases, security, and product improvements. Urgent security updates are released as soon as a security vulnerability is known, and product improvements are released on fixed dates, such as quarterly or monthly. As part of the SaaS model, the vendor automatically updates the platform.

The update and patching policy benefits the customer and the SaaS provider. The customers don’t need to worry about updating the system so they can focus on the core aspects of their business. Meanwhile, the SaaS provider does not need to develop multiple update versions or worry about the most recent version installed by the customer.

Better yet, the SaaS provider does not need to worry that customers will experience a security breach because it automatically installs the security patch for everyone. It just makes everyone’s life easier and is one of the reasons that SaaS platforms are immensely popular.

Salesforce Updates Work Differently

Salesforce works differently, very differently. They use a hybrid system that is similar in some ways to traditional software that requires the customer to apply updates until EOL and a modern SaaS platform. Salesforce offers regular seasonal service updates and security updates as needed. However, neither update is implemented automatically.

Salesforce gives admins a “grace period” where they can choose to update the platform. At the end of this period, Salesforce pushed the update through automatically.

For example, Salesforce introduced the Enforce OAuth Scope for Lightning Apps security update in Summer 2021. The provider recommends that organizations apply it by September 2021. However, Salesforce will not enforce it until Winter 2022. This is an important security update, but customers do not need to install it immediately.

Why Salesforce Updates Work Differently

While Salesforce encourages admins to run through a checklist and apply the updates, it realizes that customers rely on the platform’s flexibility and that changes can impact the customizations, like custom developments and integrations.

Since any update can be catastrophic for an organization, Salesforce gives customers time to review the update’s content and prepare the organization’s Salesforce before activating the changes.

What is the importance of Salesforce Security Updates?

The Salesforce Security Updates are, as the name suggests, for security purposes. They are published to fix a security issue, prevent attacks, and strengthen the security posture of a Salesforce tenant. Therefore, customers should install them as soon as possible.

Once Salesforce publishes an update, the vulnerability it is patching becomes general knowledge. This knowledge means the weakness is equal to a common vulnerability or exposure (CVE) but without the assigned number. Bad actors can easily get access to all the information regarding the exposure and create an attack vector that utilizes the published vulnerability. This places all organizations that have not enforced the security update vulnerable to an attack.

Since most attacks are based on known, published, 1-day vulnerabilities, waiting to apply the update creates a data breach risk. All bad actors use 1-day attacks, from script kids to professional ransomware hackers, since weaponizing them is much easier than looking for an unknown vulnerability. Most bad actors look for low-hanging fruits – organizations without updated software or that have lax security.

This is why security professionals call the period from vulnerability until the organization enforcing a security update the golden window for attacks. For that reason, it is critical to update all software to the latest stable version and install security updates as soon as possible.

The case of access control for guest users

This is not just a hypothetical or interesting story. In October of 2020, security researcher Aaron Costello discovered that access control permission settings in Salesforce might allow unauthenticated users (“guest users”) to access more information than intended by using cumulative weaknesses in Salesforce, including

  • old and not secure Salesforce instances,
  • problematic default configurations,
  • complicity and advanced abilities of “@AuraEnabled” methods.

Salesforce suggested security measures for guest users, objects, and APIs, while also pushing Security Updates in the following Winter ’21 and Spring ’21 releases.

Among the Security Updates were Remove View All Users Permission from Guest User Profiles and Reduce Object Permissions for Guest Users.

Both suggestions directly address the security threat’s root cause. Problematically, this was too little too late because bad actors had known about the vulnerability since October 2020. By the time Salesforce pushed the updates to the different tenants, the admins needed to activate the updates manually. This means that a customer might have been at risk for anywhere from 6 – 9 months before fixing the vulnerability themselves.

The security team’s responsibility for Salesforce Security

While Salesforce provides value to organizations, its approach to managing security updates makes it a unique type of SaaS. Additionally, it is an extremely complex system with thousands of configurations. While many don’t seem important to security, they can actually impact a Salesforce tenant’s posture.

Therefore, the CISO or security team needs to be involved more than they normally would when managing Salesforce. They need to:

  • make sure configurations are done with security in mind,
  • monitor changes,
  • make sure updates don’t worsen the organization’s security posture,
  • insist that Security Updates are installed as soon as possible
  • make sure that the security hygiene of the Salesforce tenant is good.

Fortunately, the category of SaaS Security Posture Management (SSPM) tools address these tasks, and Adaptive Shield is a market-leading solution in this category to enable optimal SaaS security posture automatically.

How can Adaptive Shield help secure Salesforce?

Adaptive Shield understands the complexity of securing Salesforce, among many other SaaS platforms, as Adaptive Shield provides an enterprise’s security teams complete control of their organizations’ SaaS apps with visibility, detailed insights, and remediation across all SaaS apps.

The platform helps Salesforce admins, CISOs, and security teams track and monitor the settings and configuration updateswith security checks that ensure that the Salesforce tenant is configured and secured properly. This includes monitoring permissions, “@AuraEnabled” methods, API security, and authentication.

Adaptive Shield also provides clear priority-based mitigation information so admins and security teams can swiftly secure the Salesforce tenant to maintain a strong security posture. The Adaptive Shield platform makes the task of securing a Salesforce tenant from cumbersome, complex, and time-consuming — to an easy, clear, quick, and manageable experience. This prevents such vulnerabilities as the example above by breaking the chain of misconfigurations and unenforced updates.

Get in touch to ensure your Salesforce, or any other SaaS app, is secure today.

Note: This article is written by Hananel Livneh, Senior Product Analyst at Adaptive Shield.

A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service

Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to distribute a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S.

Stack Overflow Teams

Dubbed “Prometheus TDS” (short for Traffic Direction System) and available for sale on underground platforms for $250 a month since August 2020, the service is designed to distribute malware-laced Word and Excel documents and divert users to phishing and malicious sites, according to a Group-IB report shared with The Hacker News.

More than 3,000 email addresses are said to have been singled out via malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging the prominent verticals targeted by the attacks.

“Prometheus TDS is an underground service that distributes malicious files and redirects visitors to phishing and malicious sites,” Group-IB researchers said. “This service is made up of the Prometheus TDS administrative panel, in which an attacker configures the necessary parameters for a malicious campaign: downloading malicious files, and configuring restrictions on users’ geolocation, browser version, and operating system.”

The service is also known to employ third-party infected websites that are manually added by the campaign’s operators and act as a middleman between the attacker’s administrative panel and the user. To achieve this, a PHP file named “Prometheus.Backdoor” is uploaded to the compromised website to collect and send back data about the victim, based on which a decision is taken as to whether to send the payload to the user and/or to redirect them to the specified URL.

The attack scheme commences with an email containing a HTML file, a link to a web shell that redirects users to a specified URL, or a link to a Google Doc that’s embedded with an URL that redirects users to the malicious link that when either opened or clicked leads the recipient to the infected website, which stealthily collects basic information (IP address, User-Agent, Referrer header, time zone, and language data) and then forwards this data to the Prometheus admin panel.

Prevent Ransomware Attacks

In the final phase, the administrative panel takes responsibility for sending a command to redirect the user to a particular URL, or to send a malware-ridden Microsoft Word or Excel document, with the user redirected to a legitimate site like DocuSign or USPS immediately after downloading the file to mask the malicious activity. Besides distributing malicious files, researchers found that Prometheus TDS is also used as a classic TDS to redirect users to specific sites, such as fake VPN websites, dubious portals selling Viagra and Cialis, and banking phishing sites.

“Prometheus TDS also redirected users to sites selling pharmaceutical products,” the researchers noted. “Operators of such sites often have affiliate and partnership programs. Partners, in turn, often resort to aggressive SPAM campaigns in order to increase the earnings within the affiliate program. Analysis of the Prometheus infrastructure by Group-IB specialists revealed links that redirect users to sites relating to a Canadian pharmaceutical company.”