Prolific Puma exposed: Infoblox uncover threat actor ally

Infoblox exposes underground service provider ‘Prolific Puma’ as facilitating cybercrime by helping send phishing and malware text messages, urging caution

Infoblox has released a blog post revealing an underground service provider that is helping malicious cyber actors deliver phishing, scams and malware via text messages. 

Named Prolific Puma, the service provider has operated in the shadows unrecognised. Infoblox has detected it through Domain Name System (DNS) and has continued to expand, with new domains registered almost daily.

According to Infoblox, the service provider has been in operation for a minimum three years and uses shortened links from ‘registered domain generation algorithms’ to avoid detection. At a time where businesses are having to combat the increased sophistication of threat actors, being aware of this type of criminal activity is essential.

Link shortening service enables cybercrime

Infoblox’s technology works to provide real-time visibility and control to customers over who and what connects to their network, allowing them to hopefully build safer and more resilient security environments. The company has more than 13,000 customers worldwide and works with some of the world’s most well-known brands, including Airbus, Honda, Barclays, HSBC, and Apple.

Infoblox’s blog serves as an exposé on Prolific Puma, identifying it as a link shortening service and a significant enabler of cybercrime.

The service has consistently been successful in evading cybersecurity defences for several years. The blog also introduces new terminologies to the cybersecurity lexicon, specifically 'Domain Name System (DNS) threat actors' and 'Registered Domain Generation Algorithm' (RDGA). These terms serve to classify and describe the types of entities engaged in cybercriminal activities. 

Prolific Puma is an underground service provider that ultimately aims to aid and abet other malicious actors to evade detection. It also aids the delivery of phishing, scams and malware to consumers and possibly even businesses, with further evidence from Infoblox highlighting that links are primarily distributed via text messages.

The service also leverages RDGAs to create domain names, which are then used as link shorteners and hosted on anonymous service providers to avoid detection of their true activities. Prolific Puma is also a rampant abuser of the usTLD - a TLD (Top Level Domain) supposedly reserved for US citizens and interests, but plagued by cybercrime.

Working to protect private users and businesses

Prolific Puma highlights how DNS can be abused to support criminal activity and remain undetected for years - ultimately leaving private users and enterprises vulnerable to cybercrime.

Infoblox states that working to block Prolific Puma at DNS layers will protect users from all of the malicious content they serve and hopefully disrupt the cybercriminal economy. DNS detection and response systems can work to disrupt Prolific Puma and similar service providers, thereby thwarting all of the threat actors who rely on them to deliver phishing,  scams, and malware. 

This news also comes in the wake of Infoblox having published its 2023 Global State of Cybersecurity Report earlier in 2023. At the time, Senior Director Gabe Luis told Cyber Magazine in an interview: “During the first three months of 2023, over four million domains were added to our Suspicious Feeds … In today’s cyber climate, security teams are under tremendous pressure to protect more with less.”


For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.


BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.


Featured Articles

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

See Below for a Newly Announced Speaker List for Tech Show London 2024, as it Promises to Showcase Technology Trends Will Impact Various Sectors

Darktrace predicts AI deepfakes and cloud vulnerabilities

Darktrace reveals its top predictions for AI and cybersecurity developments in 2024, which include AI worms, hallucinations and cloud concerns

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Security

QR ‘Quishing’ scams: Do you know the risks?

Application Security