Researchers say more than 236,000 sites are using DCloud Uni-App-based scam templates, showing how ordinary development tooling can be repurposed into a large-scale fraud layer.
A legitimate cross-platform development framework is being reused as a fast-moving scaffold for phishing pages that imitate crypto, mobility, and messaging brands.
A reported cluster of more than 236,000 scam domains shows how reusable app tooling can be bent into a high-volume fraud pipeline, without becoming proof that the framework itself is malicious.
Threat actors are selling investment-scam templates built with DCloud Uni-App, a legitimate framework that has been linked to a reported 200,000 scam sites.