NoTrove: The Threat Actor Ruling a Scam Empire

Understand how to stay ahead of scammers like NoTrove

Earlier this year, RiskIQ reported an eightfold increase in internet scam incidents, which deny the $83 billion digital advertising industry millions of dollars. Since then, we’ve identified a particularly prolific threat actor that’s built out wide swaths of infrastructure to deliver millions of scam ads, threatening consumers’ cybersecurity and undermining the digital advertising industry.

In this report, we show how “NoTrove,” a scam actor named after its URI pattern and penchant for denying victims “troves” of rewards, uses its scam empire and advanced automation techniques to stay ahead of detection and threat actor takedown efforts.

Download the report to find out:

  • Just how big and far-ranging NoTrove infrastructure is, and how threat actors can quickly and cheaply acquire an enormous number of IPs and domains for their operations
  • What the different variants of NoTrove campaigns look like, such as software downloads, PUP redirections, and fake rewards downloads—and how victims who click are redirected to unwanted places across the internet
  • How NoTrove domains command so much traffic, many shoot well up into the Alexa top 10,000
  • How cybersecurity scams are becoming a lucrative and increasingly popular method for threat actors and why they’re bad news for the digital advertising ecosystem

Download Report