The scareware rabbit hole.

The scareware rabbit hole.

From Research Saturday by N2K Networks

March 7, 2026 · 28 min · Season 10 · Episode 415

About this episode

Marcelle Lee discusses her investigation into a mobile scareware campaign triggered by a Google News story.

This week we are joined by Marcelle Lee, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up—and a deeper investigation into a broader campaign. Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence. The research can be found here: ⁠CTI tradecraft: Investigating a mobile scareware campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

People in this episode

Guest: Marcelle Lee

Topics covered

  • cybersecurity
  • scareware
  • threat intelligence
  • mobile security
  • investigation
  • MITRE ATT&CK

Keywords

  • scareware
  • cybersecurity
  • threat intelligence
  • mobile campaign
  • MITRE ATT&CK
  • investigation
  • Google News

Mentioned in this episode

Organizations: Google, Censys, URLScan, VirusTotal, CyberChef, MITRE ATT&CK, Google Play Store

More episodes of Research Saturday

Explore listener stats, chart rankings, contacts and more on the Research Saturday podcast page.