🚨 📡 🇯🇵 Free TV in Japan, at a Cost: "Black-CAS" Spam Campaigns

We've been tracking a high-volume spam campaign that targets Japanese users and advertises illegal "Black-CAS" services. In Japan, satellite TV channels are accessed through Conditional Access Systems (CAS), the legitimate pay-per-channel infrastructure used by Japanese broadcasters. Black-CAS exploits that system, intercepting and cloning legitimate smartcard signals to unlock paid content without a subscription.

Beyond the piracy angle, these devices have been documented to come preloaded with malware and residential proxy clients — buyers think they're paying for cheap TV access, but they're also handing over their network to threat actors.

The emails rotate Japanese-language subjects like "簡単に明日からタダになる、魔法のカード" ("a magic card that makes everything free starting tomorrow") or "有料放送が、ずっとただ無料です" ("paid broadcasts, free forever"). Every email carries a set of URL shortener links (clck[.]ru, u[.]to) rather than direct destination URLs — a clear detection evasion mechanism.

The protective shortener layer hasn't made them conservative with the number of domain registrations. Behind it, the infrastructure relies heavily on RDGAs (e.g. mchj43nmd4j53[.]xyz, 87dsq65dh3[.]xyz), while bolder actors directly use overtly themed domains: blackbcas[.]xyz, black-cas-card-tv[.]lol, black-cas-card-jp-super[.]xyz.
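A triage sketch for the pattern described above, added here as an example and not Infoblox's own tooling: it refangs indicators, flags message bodies whose links are all shorteners, and labels domains as themed or RDGA-like. The letter/digit-switch heuristic, the function names and the sample body are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SHORTENERS = {"clck.ru", "u.to"}            # shorteners named in the post
THEMED = re.compile(r"black-?b?cas")        # fits the themed names in the post
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def refang(text):
    """Undo common defanging so indicators can be parsed."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def registered_domain(host):
    """Last two labels; an assumption that is fine for .ru/.to/.xyz/.lol."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    """Label a host as shortener, themed, rdga-like or other."""
    domain = registered_domain(refang(host))
    label = domain.split(".")[0]
    if domain in SHORTENERS:
        return "shortener"
    if THEMED.search(label):
        return "themed"
    # Assumed heuristic, not Infoblox's RDGA detection: a long label that
    # keeps switching between letters and digits.
    kinds = [c.isdigit() for c in label if c.isalnum()]
    switches = sum(a != b for a, b in zip(kinds, kinds[1:]))
    if len(label) >= 10 and switches >= 3:
        return "rdga-like"
    return "other"

def triage(body):
    """Return (labels, flagged); flagged when every link is a shortener."""
    hosts = [urlsplit(u).hostname or "" for u in URL_RE.findall(refang(body))]
    labels = [classify(h) for h in hosts]
    flagged = bool(labels) and all(l == "shortener" for l in labels)
    return labels, flagged

# Constructed sample body (paths are placeholders, not real campaign links).
SAMPLE = "詳細はこちら https://clck[.]ru/EXAMPLE1 または https://u[.]to/EXAMPLE2"

if __name__ == "__main__":
    print(triage(SAMPLE))
    for d in ["mchj43nmd4j53[.]xyz", "87dsq65dh3[.]xyz", "blackbcas[.]xyz"]:
        print(d, classify(d))
```

A shortener-only verdict is a signal to resolve the redirect chain in a sandbox and classify the final host, not a block decision by itself.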

On the landing pages, users can purchase these devices directly, as seen in the images below.

This week our data puts Black-CAS alongside phishing and fake shop campaigns in the top threats targeting Japanese speakers — definitely a threat to consider.

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #illegalstreaming #asia #japan #blackCAS #tv #malware #residentialproxy #spam #rdga #サイバーセキュリティ #情報セキュリティ #マルウェア #迷惑メール #ブラックCAS