Cybersecurity researchers have uncovered a massive criminal operation leveraging a legitimate development framework to create hundreds of thousands of malicious websites. This alarming discovery reveals how threat actors are exploiting the DCloud Uni-App platform—a Chinese open-source, cross-platform application development framework—to build sophisticated scam operations at an unprecedented scale.
Recent investigations by Infoblox have identified over 236,000 websites using scam templates built with DCloud Uni-App. These templates power a wide array of fraudulent activities: bogus cryptocurrency exchanges designed to steal digital assets; multi-language pig-butchering investment scams that build trust with victims before draining their accounts; WhatsApp phishing networks that compromise messaging accounts; fake gambling platforms that manipulate games; and brand-impersonation sites that trick users into revealing sensitive credentials or financial information. The legitimate nature of the underlying framework makes these scams particularly dangerous