#maliciousadtech

2025-08-07

After three years of relentless tracking, we’ve published a [paper](blogs.infoblox.com/threat-inte) that, for the first time, exposes the true identities behind VexTrio. This research connects real names to the various companies that form the VexTrio ecosystem. It begins with the origin story—how a group of Italians launched a successful spam and dating business. Over time, VexTrio expanded its operations into malicious adtech and online scams. For over a decade, the group employed deceptive tactics to defraud countless innocent internet users. These illegitimate gains funded the extravagant lifestyles of VexTrio’s key figures—who, despite increasing scrutiny, have yet to be fully stopped.

We’re deeply grateful to all the contributors who helped us reach this research milestone, especially @rmceoin and Tord from [Qurium](qurium.org/).

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #adtech #maliciousadtech #advertising #affiliates #scam #notifications #pushnotifications #tds #trafficdistributionsystem #spam #italy #russia #belarus #dating #clickallow

2025-07-28

Like CEOs at Coldplay concerts, we keep finding malicious adtech hiding behind well-known advertising brands. While these platforms may appear credible, they allow malicious actors access to their platform, and profit from their successes.

Our posts often focus on adtech operators because they are the ones who manage the infrastructure. But they are not the only ones profiting from this business. Affiliates play a big role by driving traffic (aka visitors) to the adtech platform (TDS).

Malicious affiliates do this by tricking visitors into clicking hidden links or manipulating pages to redirect them automatically. They are so good at it that they generate a profit just due to the sheer volume of traffic they drive into the platform.

Legitimate affiliates do this by posting what they believe to be normal ads on their web pages, tempted by promises of big rewards. Unfortunately for them, this is rarely the reality, and there are many reports of affiliates being underpaid or not paid at all. Additionally, affiliates risk damaging their own brand image – no one wants their legitimate website redirecting to malware, right?

As a user, regardless of how you find yourself diverted into a malicious TDS, if you happen to fit the profile then you face the risk of being sent to a malicious landing page. Scams, disinformation, malware…you name it.

As there are many players involved in this scheme, we’ve created an infographic that highlights who they are and how they fit into the malicious adtech landscape.

Have you come across any of these shady platforms or, worse, been lured into becoming part of the scheme? Let us know!

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #adtech #maliciousadtech #advertising #affiliates #scam #malware #phishing

Infoblox Infographic – Inside of malicious adtech: Who's who
