VulnHub

Real-time Cybersecurity News

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

The Hacker News
Actively Exploited
Phishing

Overview

Recent research from Infoblox has revealed that over 236,000 websites are utilizing templates from DCloud Uni-App, a legitimate Chinese application framework, to conduct various online scams. These sites are involved in investment fraud, fake cryptocurrency exchanges, phishing schemes through WhatsApp, and other deceptive activities. The exploitation of these templates raises significant concerns as users may easily fall victim to these scams, resulting in financial losses. The widespread use of such templates indicates a troubling trend in the misuse of legitimate technology for malicious purposes. It is crucial for internet users to be cautious and verify the authenticity of websites before engaging in any financial transactions.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: DCloud Uni-App templates, cryptocurrency exchanges, phishing sites
  • Action Required: Users should avoid engaging with suspicious websites and verify their legitimacy.
  • Timeline: Newly disclosed

Original Article Summary

New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation

Impact

DCloud Uni-App templates, cryptocurrency exchanges, phishing sites

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should avoid engaging with suspicious websites and verify their legitimacy. Organizations should monitor for signs of phishing and educate employees on recognizing fraudulent sites.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing.

Read Original Article

Related Coverage

Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling

CyberScoop

The Supreme Court recently issued a ruling in the Chatrie case that is seen as a significant victory for technology privacy rights. Dissenting justices warned that this decision could lead to major changes in how the Fourth Amendment is interpreted, particularly regarding digital privacy and law enforcement's ability to access personal data. This ruling could impact how tech companies manage user data and how law enforcement conducts investigations. It raises important questions about the balance between privacy rights and public safety, making it a pivotal moment in the ongoing debate over digital privacy.

Jun 29, 2026

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

The Hacker News

WhatsApp has introduced a new feature allowing users to reserve usernames, which aims to enhance privacy for its more than three billion users. This optional feature enables individuals to connect with each other using usernames instead of sharing their phone numbers directly. The rollout of username reservations began on Monday, giving users a way to maintain their privacy while using the messaging service. This change is particularly significant as it reflects growing concerns about personal data exposure in digital communications. By providing an alternative to phone numbers, WhatsApp is responding to user demands for increased security and anonymity in their interactions.

Jun 29, 2026

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

BleepingComputer

The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of hackers associated with two groups, UNC5792 and UNC4221. These groups are believed to have ties to Russian intelligence and military services and have been targeting users of encrypted messaging platforms like WhatsApp and Signal. This move underscores the ongoing concern about cyber threats to secure communication channels, particularly as more people rely on these platforms for private conversations. By incentivizing information about these hackers, the U.S. aims to disrupt their operations and enhance the security of messaging services used by millions. The reward reflects the seriousness of the threat posed by these groups and the need for collaboration in addressing cybercrime on a global scale.

Jun 29, 2026

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

The Hacker News

This week, a new vulnerability named DirtyClone was discovered in the Linux kernel, allowing local attackers to escalate privileges. This flaw emphasizes how even minor oversights, such as unpatched vulnerabilities or outdated access paths, can lead to significant security breaches. The threat is particularly concerning for users of affected Linux distributions, as attackers could potentially exploit this vulnerability to gain unauthorized access to sensitive systems. Additionally, discussions are underway in various forums about other emerging threats, including AI-driven malware tactics and the Turla backdoor, which could further complicate the security landscape. Organizations are urged to stay vigilant and apply necessary updates to protect against these risks.

Jun 29, 2026

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices

Infosecurity Magazine

A new campaign involving the Millenium RAT, a remote access trojan, has reportedly affected over 62,000 devices across more than 160 countries. Researchers from Group-IB have identified that the malware has been rewritten in C++, making it more sophisticated and harder to detect. This malware primarily spreads through Telegram, which has raised concerns about the platform being exploited for malicious purposes. Users of various devices are at risk, as the trojan could allow attackers to gain unauthorized access and control over their systems. This incident underscores the need for users to be vigilant about the software they install and the links they click, particularly in messaging applications.

Jun 29, 2026

Agentic AI Has an Identity Problem and Attackers Know It

BleepingComputer

The article discusses the growing security risks associated with AI agents in enterprise systems. These AI agents have the ability to access sensitive data and perform actions across different platforms, which makes them a valuable target for attackers. Token Security emphasizes that as organizations increasingly rely on these AI tools, the importance of managing and securing their identities becomes critical. Failure to do so could lead to unauthorized access and data breaches, potentially compromising the entire enterprise infrastructure. It is essential for companies to implement robust identity governance strategies to mitigate these risks and protect their systems.

Jun 29, 2026