{"id":51945,"date":"2023-05-17T00:00:00","date_gmt":"2023-05-17T00:00:00","guid":{"rendered":"urn:uuid:dedd279d-3b7c-2e07-5cec-6f2a9d4a9263"},"modified":"2023-05-17T00:00:00","modified_gmt":"2023-05-17T00:00:00","slug":"lemon-groups-cybercriminal-businesses-built-on-preinfected-devices","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/","title":{"rendered":"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/cover-black-hat-2023-lemon-group-cybercriminal-businesses-on-preinfected-mobile-devices.jpg\"><\/p>\n<p>1) SMS plugin: Capable of intercepting received SMS messages and reading specific messages, such as one-time passwords (OTPs), from platforms such as WhatsApp, JingDong (a shopping app), and Facebook. This plugin feeds the <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/b\/sms-pva-cybercriminals-part-1.html\">business of SMS PVA<\/a>, which provides phone numbers and OTP features for its customers.<\/p>\n<p>2) Proxy plugin and proxy seller: Able to set up a reverse proxy from an infected phone and use the network resources of the affected mobile device in exchange for their DoveProxy business.<\/p>\n<p>3) Cookie plugin\/WhatsApp plugin\/Send plugin and promotion platform:<\/p>\n<p>a. The cookie plugin hooks into Facebook-related apps and intercepts specific activities to launch events (e.g., the Facebook app\u2019s list of activities). 
It also dumps <a href=\"https:\/\/www.facebook.com\/help\/336858938174917\">Facebook-related cookies<\/a> from the app data directory and uploads them to the C&amp;C server. This plugin can also harvest other data, such as the Friends list, profile, and email addresses.<\/p>\n<p>b. The WhatsApp plugin is used to hijack WhatsApp sessions to send unwanted messages. These two plugins were used for \u201coverseas marketing,\u201d so customers can use compromised Facebook accounts and boost their marketing platform by posting on Facebook on behalf of the compromised accounts. Registering a Facebook account has become more difficult, and newly created accounts can be banned for malicious activity, so this list of compromised accounts is perfect for marketing purposes.<\/p>\n<p>4) Splash plugin: Hooks popular apps to intercept specific activities, such as launch events, in order to request ads. Victims will see unexpected ads while launching official apps on their devices.<\/p>\n<p>5) Silent plugin: When any activity needs an installation permission, it gets a list of tasks from the C&amp;C server, and each task includes APK (Android Package) metadata and the action, such as install or uninstall. This plugin executes the silent installation and launches the installed app.<\/p>\n<p><span class=\"body-subhead-title\">Rebranding and impact<\/span><\/p>\n<p>When we published a research paper on the operations of Lemon Group in February 2022, the group changed its operation name. In May, they removed some traces of \u201cLemon\u201d and rebranded as \u201cDurian Cloud SMS.\u201d However, the servers are still the same and intact.<\/p>\n<p>Through our monitoring, we have detected over 490,000 mobile numbers used for OTP requests of the Lemon SMS and, later, Durian SMS service. 
The customers of Lemon SMS PVA generated OTPs from platforms like JingDong, WhatsApp, Facebook, QQ, Line, and Tinder, among other applications.<\/p>\n<p>Based on indicators tracked with Trend Micro\u2122 Smart Protection Network\u2122, the infected devices are distributed globally, as the threat actor controls devices in more than 180 countries. The top 10 countries affected are:<\/p>\n<ol>\n<li>US<\/li>\n<li>Mexico<\/li>\n<li>Indonesia<\/li>\n<li>Thailand<\/li>\n<li>Russia<\/li>\n<li>South Africa<\/li>\n<li>India<\/li>\n<li>Angola<\/li>\n<li>Philippines<\/li>\n<li>Argentina<\/li>\n<\/ol>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/e\/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An overview of the Lemon Group\u2019s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":51946,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9590,9521,9511,9514,9513,9581],"class_list":["post-51945","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-connected-car","tag-trend-micro-research-cyber-crime","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-iot","tag-trend-micro-research-malware","tag-trend-micro-research-mobile"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-17T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/cover-black-hat-2023-lemon-group-cybercriminal-businesses-on-preinfected-mobile-devices.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices\",\"datePublished\":\"2023-05-17T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/\"},\"wordCount\":468,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Connected Car\",\"Trend Micro Research : Cyber Crime\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : IoT\",\"Trend Micro Research : Malware\",\"Trend Micro Research : 
Mobile\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/\",\"name\":\"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg\",\"datePublished\":\"2023-05-17T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg\",\"width\":976,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence 
Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/","og_locale":"en_US","og_type":"article","og_title":"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-05-17T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/cover-black-hat-2023-lemon-group-cybercriminal-businesses-on-preinfected-mobile-devices.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices","datePublished":"2023-05-17T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/"},"wordCount":468,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/05\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Connected Car","Trend Micro Research : Cyber Crime","Trend Micro Research : Cyber Threats","Trend Micro Research : 
IoT","Trend Micro Research : Malware","Trend Micro Research : Mobile"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/","url":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/","name":"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/05\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg","datePublished":"2023-05-17T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/05\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/05\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices.jpg","width":976,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/lemon-groups-cybercriminal-businesses-built-on-preinfected-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Lemon Group\u2019s Cybercriminal Businesses Built on Preinfected Devices"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations 
Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51945"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51945\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/51946"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}