VexTrio a hub of Cyber attacks With Massive 70,000 Domains Attack Chain

VexTrio, a cybercrime syndicate with a history dating back to at least 2017, has been implicated in nefarious activities utilizing a sophisticated dictionary domain generation algorithm (DDGA). 

Their malicious campaigns encompass scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and explicit content, with a notable occurrence in 2022 involving the distribution of the Glupteba malware following a prior intervention by Google in December 2021.

The scope of VexTrio’s influence extends to a network of over 70,000 documented domains, facilitating traffic brokering for approximately 60 affiliates, including ClearFake, SocGholish, and TikTok Refresh. 

Free Trial

Streaming Malware Service

Open Suspicious Files & Links in the ANY RUN Sandbox Safely; Try All Features for Free. Understand malware behavior, collect IOCs, and easily map malicious actions to TTPs — all in our interactive sandbox.


Security analysts from Infoblox posit that VexTrio may be advertising its services on dark web forums or employing alternative channels for cybercriminal engagement.

Operational Mechanism of VexTrio:

Functioning as intermediaries between malware creators and those seeking to launch cyberattacks, VexTrio offers affiliates:

  1. Access to a network of malicious domains hosting malware, phishing pages, and harmful content.
  2. Traffic distribution systems (TDS) redirect victims based on location, interests, and other parameters.
  3. Payment processing, compensating affiliates based on generated traffic or successful attacks.
Cyber attacks

Prominent VexTrio Affiliates:

ClearFake: Specializes in crafting deceptive websites to pilfer personal information.

SocGholish: Utilizes social engineering tactics to trick victims into interacting with malicious links or downloading malware.

TikTok Refresh: Targets TikTok users through phishing scams and counterfeit applications.

Impact of VexTrio:

VexTrio poses a substantial threat to global internet users, leading to issues such as identity theft, financial losses, and data breaches affecting businesses and organizations.

Infoblox has uncovered a web of Vextrio attacks, with the initial threads dating back to early 2022 and ongoing campaigns detected in February.

Michael Jones, Malware Expert: “The fact that they were able to bypass Google’s intervention with the Glupteba malware distribution shows their adaptability and resilience. They are constantly evolving their tactics and techniques, making it a constant challenge for defenders to stay ahead.”

Protective Measures against VexTrio:

  1. Exercise caution with visited websites, prioritizing trusted sources.
  2. Avoid clicking on suspicious links or attachments in emails or messages from unfamiliar sources.
  3. Keep software updated to mitigate vulnerabilities.
  4. Employ a robust security suite to counter malware and phishing threats.
  5. Stay informed about the latest cyber threats to proactively safeguard against potential risks.
Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt…

2 days ago

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a threat actor to read sensitive files…

2 days ago

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes. Resecurity researchers have recently revealed that…

2 days ago

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million Ecuadorian citizens. The announcement was made…

2 days ago

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach.…

3 days ago

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon…

3 days ago