VexTrio TDS: Inside a massive 70,000-domain cybercrime operation

January 24, 2024 at 02:48PM

“VexTrio, a previously unknown Traffic Distribution System (TDS), has been active since 2017, aiding 60 affiliates in cybercrime operations through a massive network of 70,000 sites. This highly pervasive entity partners with cybercrime campaigns and operators, utilizing various deceptive tactics to generate revenue and make detection challenging. Mitigation strategies include limiting browsing to SSL-certified sites and using ad-blocking tools.”

The meeting notes highlighted the discovery of a significant cybercrime operation called VexTrio, active since at least 2017. VexTrio is a Traffic Distribution System (TDS) that has been aiding around 60 affiliates in their cybercrime operations through a network of 70,000 sites. The TDS plays a central role in distributing malicious content: it controls compromised sites and partners with affiliates to redirect unsuspecting visitors to malicious destinations.

VexTrio’s extensive reach and its partnerships with notorious cybercrime campaigns and operators make it a highly pervasive entity within the cybercrime landscape. The TDS generates revenue through several deceptive methods, including abusing referral programs from legitimate platforms and tricking users into granting permission for browser push notifications, which are then used to generate referral revenue. The complexity and resilience of VexTrio’s operations make it challenging to detect and mitigate.

The Infoblox report suggests that users can mitigate the threat by limiting their browsing to SSL-certified sites, blocking push notifications on their browsers, and using ad-blocking tools to prevent popup ads from loading. Identifying and mapping VexTrio’s sites is seen as a solid first step towards tackling this cybercrime operation.
