Intel Name: Domains redirecting to sites distributing pup android apk files
Date of Scan: November 18, 2024
Impact: Medium
Summary: Over the past three months, we have tracked a campaign, designated redir_pup_apk_dist, involving 1,346 domains redirecting users to sites distributing potentially unwanted Android APK files. These landing pages primarily promote adult or gambling applications and use similar design templates. The initial domain names are typically 5-6 character numeric strings followed by common TLDs like .com or .me. The campaign’s domain registration peaked on November 3, 2024, and often involves a traffic distribution system (TDS) URL in the redirection chain.