$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks


Researchers at Huntress have uncovered a sophisticated threat hidden within what appeared to be adware, revealing that a single unregistered domain available for as little as $10 could have granted malicious actors silent control over more than 25,000 compromised endpoints worldwide.

The software at the center of the investigation is signed by Dragon Boss Solutions, which describes itself as a search monetization research firm based in the United Arab Emirates.

Though the software was long categorized as a potentially unwanted program (PUP) with browser hijacking capabilities, an analysis by Huntress researchers found that it had quietly evolved into something far more dangerous.

Starting in March 2025, Huntress analysts observed it deploying a PowerShell-based payload that runs with elevated privileges to disable cybersecurity products, block their update servers, and prevent their reinstallation.

The malware achieves persistence through five scheduled tasks and WMI event subscriptions that survive reboots. It also adds Windows Defender ...


Copyright of this story solely belongs to securityweek.