Tuesday, May 6, 2025
HomeCyber Security NewsVexTrio a hub of Cyber attacks With Massive 70,000 Domains Attack Chain

VexTrio a hub of Cyber attacks With Massive 70,000 Domains Attack Chain

Published on

SIEM as a Service

Follow Us on Google News

VexTrio, a cybercrime syndicate with a history dating back to at least 2017, has been implicated in nefarious activities utilizing a sophisticated dictionary domain generation algorithm (DDGA). 

Their malicious campaigns encompass scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and explicit content, with a notable occurrence in 2022 involving the distribution of the Glupteba malware following a prior intervention by Google in December 2021.

The scope of VexTrio’s influence extends to a network of over 70,000 documented domains, facilitating traffic brokering for approximately 60 affiliates, including ClearFake, SocGholish, and TikTok Refresh. 

- Advertisement - Google News
Document
Free Trial

Streaming Malware Service

Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.

VexTrio
VexTrio

Security analysts from Infoblox posit that VexTrio may be advertising its services on dark web forums or employing alternative channels for cybercriminal engagement.

Operational Mechanism of VexTrio:

Functioning as intermediaries between malware creators and those seeking to launch cyberattacks, VexTrio offers affiliates:

  1. Access to a network of malicious domains hosting malware, phishing pages, and harmful content.
  2. Traffic distribution systems (TDS) redirect victims based on location, interests, and other parameters.
  3. Payment processing, compensating affiliates based on generated traffic or successful attacks.
Cyber attacks
Cyber attacks

Prominent VexTrio Affiliates:

ClearFake: Specializes in crafting deceptive websites to pilfer personal information.

SocGholish: Utilizes social engineering tactics to trick victims into interacting with malicious links or downloading malware.

TikTok Refresh: Targets TikTok users through phishing scams and counterfeit applications.

Impact of VexTrio:

VexTrio poses a substantial threat to global internet users, leading to issues such as identity theft, financial losses, and data breaches affecting businesses and organizations.

Infoblox has uncovered a web of Vextrio attacks, with the initial threads dating back to early 2022 and ongoing campaigns detected in February.

Michael Jones, Malware Expert: “The fact that they were able to bypass Google’s intervention with the Glupteba malware distribution shows their adaptability and resilience. They are constantly evolving their tactics and techniques, making it a constant challenge for defenders to stay ahead.”

Protective Measures against VexTrio:

  1. Exercise caution with visited websites, prioritizing trusted sources.
  2. Avoid clicking on suspicious links or attachments in emails or messages from unfamiliar sources.
  3. Keep software updated to mitigate vulnerabilities.
  4. Employ a robust security suite to counter malware and phishing threats.
  5. Stay informed about the latest cyber threats to proactively safeguard against potential risks.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...