DCloud Uni-App Templates Fuel Global Crypto, Mobility Scam Surge

The Chinese cross-platform toolkit DCloud Uni-App has become the backbone for hundreds of thousands of fraudulent websites globally. Malicious actors are leveraging standardized templates built on DCloud to deploy massive campaigns involving fake cryptocurrency exchanges, mobility investment fraud, and messaging application phishing.

By utilizing this shared code framework, cybercriminals can rapidly generate mobile-optimized websites and full desktop applications from a single, highly efficient codebase. This allows decentralized operators to launch sophisticated attacks with minimal development overhead.

The technical foundation underlying at least 236,493 distinct second-level domains is directly tied to DCloud Uni-App. As reported by IntCyberDigest, the application framework is widely used by legitimate businesses in mainland China, but it routinely leaves behind recognizable default scaffolding that scammers exploit for rapid deployment.

The New York Times previously highlighted one highly publicized scam operation: a fake cryptocurrency exchange named RainbowEx that successfully defrauded approximately 20% of the population of a small Argentine town. Following the widespread international media coverage of that incident in late 2024, the deployment of new malicious domains utilizing these exact templates surged to roughly fifteen thousand new sites per month.