Wednesday, November 13, 2024
HomeCyber Security NewsVexTrio a hub of Cyber attacks With Massive 70,000 Domains Attack Chain

VexTrio a hub of Cyber attacks With Massive 70,000 Domains Attack Chain

Published on

Malware protection

VexTrio, a cybercrime syndicate with a history dating back to at least 2017, has been implicated in nefarious activities utilizing a sophisticated dictionary domain generation algorithm (DDGA). 

Their malicious campaigns encompass scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and explicit content, with a notable occurrence in 2022 involving the distribution of the Glupteba malware following a prior intervention by Google in December 2021.

The scope of VexTrio’s influence extends to a network of over 70,000 documented domains, facilitating traffic brokering for approximately 60 affiliates, including ClearFake, SocGholish, and TikTok Refresh. 

- Advertisement - SIEM as a Service
Document
Free Trial

Streaming Malware Service

Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.

VexTrio
VexTrio

Security analysts from Infoblox posit that VexTrio may be advertising its services on dark web forums or employing alternative channels for cybercriminal engagement.

Operational Mechanism of VexTrio:

Functioning as intermediaries between malware creators and those seeking to launch cyberattacks, VexTrio offers affiliates:

  1. Access to a network of malicious domains hosting malware, phishing pages, and harmful content.
  2. Traffic distribution systems (TDS) redirect victims based on location, interests, and other parameters.
  3. Payment processing, compensating affiliates based on generated traffic or successful attacks.
Cyber attacks
Cyber attacks

Prominent VexTrio Affiliates:

ClearFake: Specializes in crafting deceptive websites to pilfer personal information.

SocGholish: Utilizes social engineering tactics to trick victims into interacting with malicious links or downloading malware.

TikTok Refresh: Targets TikTok users through phishing scams and counterfeit applications.

Impact of VexTrio:

VexTrio poses a substantial threat to global internet users, leading to issues such as identity theft, financial losses, and data breaches affecting businesses and organizations.

Infoblox has uncovered a web of Vextrio attacks, with the initial threads dating back to early 2022 and ongoing campaigns detected in February.

Michael Jones, Malware Expert: “The fact that they were able to bypass Google’s intervention with the Glupteba malware distribution shows their adaptability and resilience. They are constantly evolving their tactics and techniques, making it a constant challenge for defenders to stay ahead.”

Protective Measures against VexTrio:

  1. Exercise caution with visited websites, prioritizing trusted sources.
  2. Avoid clicking on suspicious links or attachments in emails or messages from unfamiliar sources.
  3. Keep software updated to mitigate vulnerabilities.
  4. Employ a robust security suite to counter malware and phishing threats.
  5. Stay informed about the latest cyber threats to proactively safeguard against potential risks.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Fortinet Patches Critical Flaws That Affected Multiple Products

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple...

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...

Chrome 131 Released with the Fix for Multiple Vulnerabilities

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac,...

Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Fortinet Patches Critical Flaws That Affected Multiple Products

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple...

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...

Chrome 131 Released with the Fix for Multiple Vulnerabilities

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac,...