Over 5,000 Fake Online Pharmacies Caught Selling Counterfeit Medicines
Researchers at Gen have uncovered a vast network of over 5,000 fraudulent online pharmacy domains operated by a single cybercriminal entity dubbed MediPhantom.
This elaborate PharmaFraud operation relies on advanced techniques including domain hijacking, search engine optimization manipulation, and AI-generated content to deceive consumers seeking erectile dysfunction and weight-loss medications as well as essential antibiotics.
By infiltrating legitimate medical websites and deploying deceptive banners on fake health blogs, the attackers funnel victims into malicious payment gateways, harvesting sensitive financial and personal data while distributing counterfeit or contaminated drugs that pose severe health risks.
Cybercrime Network Exposed
The infrastructure behind MediPhantom demonstrates high operational sophistication, with rotating domains to evade detection and centralized systems for live-chat support and phone-based social engineering.
Payment processes mimic legitimate e-commerce workflows but route through attacker-controlled gateways offering cryptocurrency discounts, ensuring direct exfiltration of credit card details and personal information.
Telemetry data indicates spikes in activity during high-demand periods, such as holidays, targeting multilingual audiences across Southeastern Europe, Central Europe, Western Europe, the USA, Canada, Japan, and Australia.
This global reach underscores the scalability of the threat: active methods such as spam emails and malvertising on platforms including Facebook and YouTube complement passive tactics that use compromised servers for seamless redirection.
Health Risks
Beyond financial exploitation, the counterfeit medications sold through these sites bypass regulatory safeguards, often containing incorrect dosages, toxic additives, or no active ingredients, leading to allergic reactions, treatment failures, or fatalities.
Notable cases, such as U.S. seizures of fentanyl-laced pills in 2024, highlight the lethal potential, with over 80 million fake pills confiscated nationwide.

In regions like Europe and Japan, despite stringent laws, these scams exploit drug shortages and health crises, as seen during the COVID-19 pandemic with falsified treatments.
According to the report, Gen’s proactive monitoring has led to the blocking of numerous domains and collaboration with international law enforcement for takedowns, emphasizing the need for enhanced detection of dead drop resolvers and misconfigured admin panels in similar threats.
This exposure not only disrupts MediPhantom’s operations but also raises awareness of evolving cybercrime tactics, urging consumers to verify pharmacy legitimacy through official logos and avoid unverified online purchases.