Prolific Puma used a registered domain generation algorithm (RDGA) to create domain names in bulk quantity. They took those domain names and provided link shortening services to interested cybercriminals. The cybercriminals would then create their own malware pages and hide them behind these shortened links as threat detectors were not able to flag these shortened links as dangerous. The unsuspecting user would click on these shortened links, which were carefully disguised mind you, and the moment the page opened, the malware would install itself on the user’s computer, and the rest is history.
