Warning! Hackers Are Hijacking Popular Website Subdomains to Spread Malware

You land on what looks like a legitimate website belonging to a popular brand, like Panasonic or Bose. But, instead of high-end headphones, you get bombarded with fake virus warnings and malicious downloads. Unfortunately, the CyberFlow cybersecurity team can confirm that this nightmare scenario is a reality. Cybercriminals learned how to exploit a sneaky vulnerability called subdomain takeover to hijack trusted brand names and spread malware.

What Is Subdomain Takeover?

This is a form of cyberattack where hackers gain control of a website’s subdomain without actually breaking into the main site. Consider this scenario: someone sets up shop in an abandoned storefront in a popular shopping mall. They rely on the mall’s reputation to scam customers by selling counterfeit goods or defective products.

You can recognise a subdomain by looking at the URL: it is the label placed before the main domain name. For example, if the main site is example.com, a subdomain could be shop.example.com or support.example.com.

When companies forget to manage or delete these subdomains, hackers can take control of them.

How Does Subdomain Takeover Work?

The process is surprisingly simple, which makes it so dangerous:

Step 1: Finding Abandoned Subdomains

Companies often create subdomains that point to cloud services or run special promotions. When the respective web page is no longer needed, companies sometimes forget to remove the DNS records that still point the subdomain at the retired service.

Step 2: Claiming the Abandoned Space

Hackers scan for these “dangling” DNS records and register the abandoned cloud resources. Suddenly, they control a subdomain that appears to belong to a trusted company.

Step 3: Setting Up Malicious Content

Once in control, criminals use the hijacked subdomain to host scams, fake antivirus warnings, and malware downloads. Victims see a familiar brand name in the URL and assume it’s safe.

Warning Signs of a Compromised Subdomain

The good news, according to the CyberFlow team, is that a little caution helps anyone recognise when they are not on a genuine brand website. Some of the most blatant red flags that you’ve landed on a hijacked subdomain include:

  • Unexpected redirects when visiting familiar websites
  • Aggressive pop-ups claiming security threats
  • Requests for personal information on unusual pages
  • Unfamiliar subdomains in URLs you normally visit
  • Push notification requests from sites you didn’t intentionally visit

Real-World Examples of Subdomain Hijacking

Recent cybersecurity investigations have uncovered subdomain hijacking affecting major brands, including:

  • Bose – Audio equipment company subdomains redirecting to scam sites
  • Panasonic – Electronics brand subdomains hosting fake security warnings
  • CDC (Centers for Disease Control) – US government health agency subdomains compromised
  • Deloitte – Major consulting firm subdomains used for malicious redirects

A threat group called “Hazy Hawk” has been particularly active in these attacks. They are using sophisticated traffic distribution systems to send victims to different scams based on their location and device type.

How Criminals Use Hijacked Subdomains

But why do hackers go to such lengths to take over brand subdomains? To trick users into sharing their personal and banking data. Here are the most common scams they resort to:

  • Deploying Fake Security Warnings: Pop-ups claiming your computer is infected, urging you to download “antivirus” software that’s actually malware.
  • Collecting Personal Information: You reach a fake login page that steals your username, password, and other sensitive data.
  • Running Tech Support Scams: You see a pop-up message urging you to call a fake support number, where scammers will try to access your computer remotely.
  • Spreading Malware: Malicious software is disguised as legitimate product updates or hardware drivers from trusted brands.

How to Protect Yourself from Subdomain Takeover Attacks

If you are an internet user:

  • Be suspicious of unexpected pop-ups – Legitimate companies rarely use aggressive warning messages
  • Check URLs carefully – Look for unusual subdomains or strange redirects
  • Never accept push notifications from unfamiliar sites
  • Don’t download software from pop-up warnings
  • Use reputable antivirus software that can detect malicious redirects

If you want to protect your company subdomains:

  • Maintain DNS hygiene – Regularly audit and clean up unused DNS records
  • Monitor subdomains – Use automated tools to track all your subdomains
  • Remove abandoned cloud resources – Don’t just stop using services—properly decommission them
  • Implement security monitoring – Deploy systems that can detect unauthorised subdomain activity
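The dangling DNS records from Step 1 are exactly what the DNS hygiene and subdomain monitoring advice above is meant to catch. The following audit script is an added example (not code from this article or from CyberFlow): it walks a zone export, and flags every CNAME whose target no longer resolves. The zone records, the hostnames and the offline resolver are constructed for illustration; `live_resolves` is the real-lookup variant you would pass when auditing your own zone.

```python
# Dangling-CNAME audit (added example; the zone data and offline resolver are constructed).
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    name: str    # the subdomain (CNAME owner) at risk
    target: str  # the CNAME target that no longer resolves
    reason: str

def live_resolves(hostname: str) -> bool:
    """Real lookup: True if the name has an address answer, False on NXDOMAIN."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling_cnames(records, resolves=live_resolves):
    """records: (owner, rtype, rdata) tuples from a zone export.
    A CNAME whose target no longer resolves is the dangling record from Step 1:
    whoever can claim that target hostname serves content under the trusted name.
    """
    findings = []
    for owner, rtype, rdata in records:
        if rtype.upper() != "CNAME":
            continue
        target = rdata.rstrip(".")  # zone files write targets with a trailing dot
        if not resolves(target):
            findings.append(Finding(owner, target, "CNAME target does not resolve"))
    return findings

# Constructed zone export for a hypothetical brand (not real records).
SAMPLE_ZONE = [
    ("www.example.com", "A", "203.0.113.10"),
    ("shop.example.com", "CNAME", "shop-prod.cdn-provider.example.net."),
    ("promo2022.example.com", "CNAME", "promo2022.old-hosting.example.net."),
    ("support.example.com", "CNAME", "tickets.helpdesk-vendor.example.net."),
]

# Constructed resolver: only these targets still answer; the 2022 promo host is gone.
_STILL_LIVE = {"shop-prod.cdn-provider.example.net", "tickets.helpdesk-vendor.example.net"}

def audit_sample():
    return find_dangling_cnames(SAMPLE_ZONE, resolves=lambda h: h in _STILL_LIVE)

if __name__ == "__main__":
    for f in audit_sample():
        print(f"DANGLING {f.name} -> {f.target}: {f.reason}")
```

A target that still resolves but answers with the hosting provider's "no such site" page is the released-cloud-resource case from Step 1; extend `resolves` with a provider-specific HTTP check to catch that variant as well.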

Take Action Today with CyberFlow!

Don’t wait until you become a victim. By understanding subdomain takeover attacks and taking appropriate precautions, we can all help keep the web safer for everyone.

With CyberFlow’s advanced cybersecurity solutions, you can protect your digital assets and avoid becoming a victim of subdomain hijacking. Contact us today!