Friday, May 23, 2025
HomeCyber Security NewsVexTrio a hub of Cyber attacks With Massive 70,000 Domains Attack Chain

VexTrio a hub of Cyber attacks With Massive 70,000 Domains Attack Chain

Published on

SIEM as a Service

Follow Us on Google News

VexTrio, a cybercrime syndicate with a history dating back to at least 2017, has been implicated in nefarious activities utilizing a sophisticated dictionary domain generation algorithm (DDGA). 

Their malicious campaigns encompass scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and explicit content, with a notable occurrence in 2022 involving the distribution of the Glupteba malware following a prior intervention by Google in December 2021.

The scope of VexTrio’s influence extends to a network of over 70,000 documented domains, facilitating traffic brokering for approximately 60 affiliates, including ClearFake, SocGholish, and TikTok Refresh. 

- Advertisement - Google News
Document
Free Trial

Streaming Malware Service

Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.

VexTrio
VexTrio

Security analysts from Infoblox posit that VexTrio may be advertising its services on dark web forums or employing alternative channels for cybercriminal engagement.

Operational Mechanism of VexTrio:

Functioning as intermediaries between malware creators and those seeking to launch cyberattacks, VexTrio offers affiliates:

  1. Access to a network of malicious domains hosting malware, phishing pages, and harmful content.
  2. Traffic distribution systems (TDS) redirect victims based on location, interests, and other parameters.
  3. Payment processing, compensating affiliates based on generated traffic or successful attacks.
Cyber attacks
Cyber attacks

Prominent VexTrio Affiliates:

ClearFake: Specializes in crafting deceptive websites to pilfer personal information.

SocGholish: Utilizes social engineering tactics to trick victims into interacting with malicious links or downloading malware.

TikTok Refresh: Targets TikTok users through phishing scams and counterfeit applications.

Impact of VexTrio:

VexTrio poses a substantial threat to global internet users, leading to issues such as identity theft, financial losses, and data breaches affecting businesses and organizations.

Infoblox has uncovered a web of Vextrio attacks, with the initial threads dating back to early 2022 and ongoing campaigns detected in February.

Michael Jones, Malware Expert: “The fact that they were able to bypass Google’s intervention with the Glupteba malware distribution shows their adaptability and resilience. They are constantly evolving their tactics and techniques, making it a constant challenge for defenders to stay ahead.”

Protective Measures against VexTrio:

  1. Exercise caution with visited websites, prioritizing trusted sources.
  2. Avoid clicking on suspicious links or attachments in emails or messages from unfamiliar sources.
  3. Keep software updated to mitigate vulnerabilities.
  4. Employ a robust security suite to counter malware and phishing threats.
  5. Stay informed about the latest cyber threats to proactively safeguard against potential risks.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Operation Endgame Crushes DanaBot Malware, Shuts Down 150 C2 Servers and Halts 1,000 Daily Attacks

Operation Endgame II has delivered a devastating strike against DanaBot, a notorious malware that...

Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges

Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU...

Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate

A massive data leak from the LockBit ransomware group, published on its hijacked leak...

ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+ Brands, Turns Them into Honeypots

A sophisticated cyber threat actor, dubbed ViciousTrap by Sekoia.io's Threat Detection & Research (TDR)...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Operation Endgame Crushes DanaBot Malware, Shuts Down 150 C2 Servers and Halts 1,000 Daily Attacks

Operation Endgame II has delivered a devastating strike against DanaBot, a notorious malware that...

Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges

Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU...

Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate

A massive data leak from the LockBit ransomware group, published on its hijacked leak...