236493 DCloud Uni-App Domains Power Centralized Crypto Scam Operations Since 2022
Over 236k DCloud domains form a coordinated scam platform blending fake exchanges, drainers, and phishing. Registration telemetry and technical reuse point to centralized operators adapting to enforcement. The pattern reveals industrialized abuse of legitimate dev tools for ongoing financial crime.
Law-enforcement pressure on specific campaigns will likely trigger rapid domain rotation and further stripping of identifiable code. Expect continued growth in non-DCloud variants as operators migrate to other open-source mobile frameworks while retaining the same backend monetization logic. Monitoring should focus on shared wallet addresses and hosting-provider changes rather than framework signatures alone.
Infoblox: Domain-registration volume for DCloud scam templates will fall below 500 new domains per week by September 2026 as operators shift to alternate frameworks.
Sources (2)
- [1]Infoblox DCloud Threat Report(https://www.infoblox.com/resources/reports/dcloud-uni-app-scam-infrastructure)
- [2]Chainalysis Crypto Crime Report 2025(https://www.chainalysis.com/chainalysis-crypto-crime-2025/)