
The scareware rabbit hole.
From Research Saturday by N2K Networks
March 7, 2026 · 28 min · Season 10 · Episode 415
About this episode
Marcelle Lee discusses her investigation into a mobile scareware campaign triggered by a Google News story.
This week we are joined by Marcelle Lee, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up—and a deeper investigation into a broader campaign. Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence. The research can be found here: CTI tradecraft: Investigating a mobile scareware campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
People in this episode
Guest: Marcelle Lee
Topics covered
- cybersecurity
- scareware
- threat intelligence
- mobile security
- investigation
- MITRE ATT&CK
Keywords
- scareware
- cybersecurity
- threat intelligence
- mobile campaign
- MITRE ATT&CK
- investigation
- Google News
Mentioned in this episode
Organizations: Google, Censys, URLScan, VirusTotal, CyberChef, MITRE ATT&CK, Google Play Store
More episodes of Research Saturday
- The skills pay the bills. · May 30, 2026 · 24 min
- Ghosted by Grafana · May 23, 2026 · 26 min
- Scam papers served. · May 16, 2026 · 27 min
- The spy who logged me in. · May 9, 2026 · 24 min
- Double-edged threat. · May 2, 2026 · 31 min
- A QRazy clever scam. · April 25, 2026 · 19 min
Explore listener stats, chart rankings, contacts and more on the Research Saturday podcast page.