The deceiving domain is part of a social engineering attack that seeks to steal sensitive information from users' devices. The domain is one of dozens used to promote an alleged greeting card scheme, in which users supposedly create harmless greetings and send them to family members, friends, and others. In most cases the links are distributed through the messaging features of social media platforms, such as Facebook Messenger, WhatsApp, and Discord, in a message that reads as follows (along with a few emojis):

Touch This Red Dot

I am send you a surprise message. Open this

As soon as the link is clicked, the user is redirected to a site where a background script runs. During this time the threat injects malicious processes into legitimate Windows APIs, which allows it to elevate its privileges. As a result, users who click the link are exposed to the theft of sensitive information such as passwords and e-mails. In addition, the same redirect links are sent to the victim's friend list through the social media platform, spreading the malware to other users.
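The distribution pattern described above (a fixed lure text plus a link, then the same link pushed to a victim's contacts) is something a platform or mail-security team can look for. The following is an added example, not part of this write-up and not taken from the AnyRun report: it scans a constructed batch of chat messages for the quoted lure phrases together with a link, and separately flags any sender who pushes the same link domain to several recipients, which is the fan-out behaviour the worm-like spreading produces. All sender names, recipient names and domains below are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lure phrases taken from the message quoted in the write-up; matched
# case-insensitively after whitespace normalisation so emoji padding
# and line breaks do not defeat the match.
LURE_PHRASES = (
    "touch this red dot",
    "surprise message",
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalize(text):
    """Collapse whitespace and lowercase so phrase matching is stable."""
    return re.sub(r"\s+", " ", text).strip().lower()


def extract_domains(text):
    """Return the hostnames of all http(s) links found in a message."""
    return [urlparse(u).hostname or "" for u in URL_RE.findall(text)]


def score_message(text):
    """Return (matched lure phrases, link domains) for one message."""
    norm = normalize(text)
    hits = [p for p in LURE_PHRASES if p in norm]
    return hits, extract_domains(text)


def triage(messages, fanout_threshold=3):
    """Scan chat messages for the greeting card lure and for link fan-out.

    messages: iterable of dicts with keys sender, recipient, text
              (a constructed format for this example, not a real platform API).
    Returns (flagged, spreaders):
      flagged   - messages that combine a lure phrase with a link
      spreaders - {(sender, domain): recipient_count} for senders who pushed
                  the same link domain to >= fanout_threshold distinct recipients
    """
    flagged = []
    link_recipients = defaultdict(set)  # (sender, domain) -> recipients
    for m in messages:
        hits, domains = score_message(m["text"])
        if hits and domains:  # lure text alone is noise; lure + link is the pattern
            flagged.append({
                "sender": m["sender"],
                "recipient": m["recipient"],
                "phrases": hits,
                "domains": domains,
            })
        for d in domains:
            link_recipients[(m["sender"], d)].add(m["recipient"])
    spreaders = {k: len(v) for k, v in link_recipients.items()
                 if len(v) >= fanout_threshold}
    return flagged, spreaders


# Constructed sample traffic: one compromised account pushing the lure to
# three contacts, one benign message with a link, one lure with no link.
SAMPLE_MESSAGES = [
    {"sender": "alice", "recipient": "bob",
     "text": "Touch This Red Dot 🔴\n\nI am send you a surprise message. Open this http://greeting-card.example/card?id=1"},
    {"sender": "alice", "recipient": "carol",
     "text": "Touch This Red Dot 🔴\n\nI am send you a surprise message. Open this http://greeting-card.example/card?id=1"},
    {"sender": "alice", "recipient": "dave",
     "text": "Touch This Red Dot 🔴\n\nI am send you a surprise message. Open this http://greeting-card.example/card?id=1"},
    {"sender": "bob", "recipient": "alice",
     "text": "Lunch tomorrow? https://calendar.example/event/5"},
    {"sender": "eve", "recipient": "frank",
     "text": "touch this red dot"},
]


def run_sample():
    """Run the triage over the constructed sample and return its results."""
    return triage(SAMPLE_MESSAGES)


if __name__ == "__main__":
    flagged, spreaders = run_sample()
    for f in flagged:
        print("LURE:", f["sender"], "->", f["recipient"], f["domains"])
    for (sender, domain), n in spreaders.items():
        print("FAN-OUT:", sender, "sent", domain, "to", n, "recipients")
```

The two signals are kept separate on purpose: the phrase match catches this particular campaign but is trivially changed by the operator, while the fan-out count (one account sending one link domain to many contacts in a batch) is a behavioural signal that survives a re-worded lure and is the better candidate for an account-level alert.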

Type: Redirect virus, malicious background script
Aim: Steal sensitive user information and deliver malicious phishing messages to other users via social media platforms
Activities: Injects malicious processes into legitimate Windows APIs (an attack vector known as hooking violations)

2CR-015: AnyRun analysis detected as malicious