Threat Actors Mimic CNN, BBC, and CNBC Websites to Promote Investment Scams

Cybersecurity researchers have identified a sophisticated international fraud campaign that leverages impersonated news websites from major outlets including CNN, BBC, CNBC, News24, and ABC News to orchestrate large-scale investment scams.

The operation demonstrates advanced social engineering tactics combined with technical deception methods to target victims across multiple countries.

The campaign operates through a multi-stage attack vector beginning with sponsored advertisements on Google and Facebook platforms.

These ads follow predictable patterns featuring local celebrities and headlines promising “passive income streams” that appear to originate from legitimate news sources.

The technical infrastructure supporting this operation spans an extensive network of fraudulent domains designed to mirror authentic news websites with remarkable precision.

Malwarebytes analysts noted that the threat actors have established approximately 17,000 baiting news sites distributed across 50 countries, with the United States serving as the primary target region.

The researchers discovered that these malicious actors maintain sophisticated fake trading platforms with names including Eclipse Earn, Solara Vynex, and Trap10, each designed to simulate legitimate investment environments.

Technical Infrastructure and Domain Analysis

The campaign’s technical foundation relies heavily on domain typosquatting techniques and the exploitation of cheap top-level domains (TLDs) to create convincing replicas of established news outlets.

Analysis reveals consistent use of domains ending in .xyz, .io, .shop, and .click extensions, which provide cost-effective alternatives to premium domain registrations while maintaining sufficient visual similarity to deceive targets.

The threat actors implement URL structures that closely mimic legitimate news websites, incorporating recognizable branding elements and familiar navigation patterns.

These sites utilize content management systems configured to automatically generate articles featuring local celebrities and region-specific investment opportunities, creating personalized attack vectors that increase victim engagement rates and conversion potential.

Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now