Prolific Puma: Uncovering a Massive Cybercrime URL Shortening Service

Security researchers have uncovered a massive cybercrime operation involving a link shortening service provided by an actor known as Prolific Puma. Prolific Puma has registered thousands of domains, primarily on the US top-level domain, to facilitate the delivery of phishing, scams, and malware. The researchers observed that the short links led to various landing pages, including phishing and scam sites. The operation is believed to involve multiple actors, and evidence suggests that text messages are the main channel for distributing the malicious links. Prolific Puma has registered up to 75,000 unique domain names since April 2022, with the majority of domains created on the usTLD. The actor uses private registration protection for some of the domains, which is not permitted in the .US namespace. The researchers have provided indicators of Prolific Puma activity, including hosting IP addresses, domains, and email addresses found in domain registration data.