Chinese Open-Source Toolkit Powers Global Scam Networks

In 2024, a small Argentine town called San Pedro made international headlines when thousands of residents discovered that a crypto platform they had backed was a scam. That platform, RainbowEx, was the focus of the coverage, but the larger story went unreported: RainbowEx was not a one-off. It was a repeatable template built on a Chinese app framework now linked to more than 236,000 scam sites worldwide, many of them reaching into business networks.

New research by Infoblox Threat Intel shows that scammers have used the framework, called DCloud Uni-App (DCloud), to perpetrate fraud at scale for some time now. According to the research, DCloud is the technical foundation underneath at least 236,493 distinct second-level domains identified as scam infrastructure: from RainbowEx-style fake crypto exchanges to multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation sites and crypto wallet drainers.

The business spillover is already visible. Infoblox recorded more than five million attempted connections from 985 organizations across 25 industries. No single company drove the volume; it came from many small visits by employees, often after they followed links sent through WhatsApp, Telegram or social media.

Consumer scams are increasingly crossing into the workplace through personal devices and office networks, creating fraud risk, data exposure and board-level questions that standard phishing training does not fully address.

“This is no longer just a consumer fraud problem,” said Zach Edwards, Staff Threat Researcher at Infoblox. “When scam traffic reaches work devices and work networks, companies inherit the fallout, from employee losses to possible data exposure and tougher scrutiny from leadership.”

If companies ignore the consumer side of fraud, more of that cost will keep showing up inside the enterprise.