DNS Early Detection – Breaking the Fake Web3 Gaming Kill Chain
ID: 978f66b8-1266-586b-a9e6-68d6e70bffe7
STIX ID: report--978f66b8-1266-586b-a9e6-68d6e70bffe7
Feed Name: Infoblox Threat Intel Blog
Infoblox analyzed a Russian cybercrime campaign that uses counterfeit Web3 gaming projects, fake websites, ads, and messaging channels to lure victims into downloading infostealers (Stealc, Rhadamanthys, RisePro, AMOS) targeting Windows and macOS. Infoblox’s DNS Early Detection flagged 71.43% of the campaign domains as SUSPICIOUS an average of 115.4 days before OSINT listings, and often within days of WHOIS registration, demonstrating the value of proactive suspicious-domain feeds for early blocking and disruption.
