Find notable cyber news and cases, enriched with sources, timelines, and signals.

Lucifer DaaS’s evolution into a commission-based drainer service platform

Threat Actor Meta
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Lucifer DaaS has evolved into a structured underground drainer platform, shifting wallet theft from isolated phishing pages to a commission-based service model that scales affiliate-driven abuse. Research spanning January 2025 to early 2026 shows the operation adding automation, website cloning, and wallet-security bypasses, which lowers the barrier for affiliates and increases the reach of crypto theft. The ecosystem’s operational resilience after bot bans and domain suspensions makes disruption harder and helps sustain repeated theft campaigns.

Related Happenings

Ghost Networks crypto-clipper promotion campaign

Campaign
H score15 First: 17.06.2026 21:14 Last: 17.06.2026 21:14 Sources 1

About this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...

Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions

Threat Actor Meta
H score43 First: 14.04.2026 15:00 Last: 14.04.2026 15:00 Sources 1

About this happening: **Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...

Venom Stealer subscription and affiliate malware-service ecosystem

Threat Actor Meta
H score36 First: 01.04.2026 16:30 Last: 01.04.2026 16:30 Sources 1

About this happening: **Venom Stealer** is being run as a **subscription-based** malware service with **Telegram licensing** and an **affiliate program**, signaling a more organized cybercrime ecosyste...

Scattered Lapsus Shiny Hunters' harassment-driven extortion operating model

Threat Actor Meta
H score33 First: 02.02.2026 18:15 Last: 02.02.2026 18:15 Sources 1

About this happening: **Scattered Lapsus Shiny Hunters (SLSH)** is now using a **harassment-driven extortion model** that pairs stolen data with swatting, threats, and publicity pressure, raising the s...

Record crypto-fraud losses rise with AI-driven impersonation

Trend
H score43 First: 14.01.2026 12:00 Last: 14.01.2026 12:00 Sources 1

About this happening: **Cryptocurrency fraud** is surging as scammers use **AI chatbots** and **brand impersonation** to widen victim reach and raise payout sizes. A **Malwarebytes Labs** analysis foun...

Timeline

  1. 21.05.2026 17:00 2 articles · 1mo ago

    Initial report: Lucifer DaaS’s evolution into a commission-based drainer service platform

    Initial Disclosure

    By early 2025, Lucifer DaaS was already operating as a commission-based drainer service that paired affiliate traffic with operator-managed wallet interaction and asset transfer logic. The first visible phase centered on productization, with software updates and support handling replacing the older one-page scam model.

    Show sources