First, users would receive a spam email promoting a product. If they clicked on any of the links contained within the message, they would be sent to one of the fraudulent subdomains, which were hosted on legitimate sites without their owners' knowledge.
All of the subdomains that were part of the scam shared one thing in common: they all sold products backed by fake endorsements from celebrities including Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, Wolf Blitzer, the cast from Shark Tank and others.
The majority of the fake products being peddled on these scam subdomains were health-related, such as CBD oil, weight loss pills and brain supplements.
The massive network of shady domains was first discovered by security researcher Jeff White at Palo Alto Networks two years ago, and since then he has been collecting the spam emails sent out in the campaign and indexing the subdomain URLs promoting these fake products.
White shared his findings with GoDaddy earlier this year, and the company then launched its own investigation, which found that the group behind the scam had likely used either phishing or credential stuffing attacks to gain access to its customers' accounts.
After gaining access to a user's GoDaddy account, the cybercriminals would create a subdomain on the account holder's legitimate sites that would later be used to host shady product pages and lure users with spam email campaigns.
In total, the web host has put the number of hacked accounts at “several hundred”. After taking down more than 15k subdomains from its servers, GoDaddy also reset the passwords for the accounts that had been compromised and notified the users who had been impacted.