#vextrio — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vextrio, aggregated by home.social.
-
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/ #Ne'er-Do-WellNews #SkyForgeDigitalAG #ALittleSunshine #PartnersHouse #Doppelganger #WebFraud2.0 #AimedGlobal #ReneeBurton #TeknologySA #ByteCoreAG #smartlinks #Spamshield #LosPollos #wordpress #DollyWay #Holacode #Infoblox #TacoLoco #BroPush #GoDaddy #HelpTDS #RichAds #VexTrio #AdsPro #Qurium #RexAds
-
VexTrio User Experience 5/N
So what next? Shall we do fake apps? 100% of these experiences come from starting with a compromised site and just allowing all notifications and permissions that are requested. This one came from a notification that the phone needed to be cleaned and it recommended downloading the app Antivirus toolkit from the Google Play store. What could go wrong? There are over 1M downloads! This scareware fake app was delivered via Monetizer; see the imgur link.
Then read the reviews. Like the other fake apps in this genre it doesn't do anything except show ads and gain access to your personal information. We'll share some of the other fake apps in a different post; some of them are quite giggle producing. But unfortunately, they work - people are scammed out of tons of money through these jerks.
Once installed, the app tells you that your browser is compromised, and you need to install a secure browser -- another one on the Google store with lots of downloads and seemingly good reviews. But finding the real reviews shows the same behavior… lots of ads and access to personal data.
I haven't tried to do any sandboxing or reverse engineering of these apps that the VexTrio affiliates are recommending; I'm just getting the full user experience.
In the meantime, the Antivirus Toolkit continues to push notifications, including that it has instaled (sic) and uninstaled (sic) Chrome for me.
Video of the virus app is here. Only defanged as I maxed the image load for Mastodon.
https://imgur[.]com/a/bxPEyhB
#dns #threatintel #fakeapp #scam #scareware #phishing #vextrio #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel
-
This attack is unbelievably powerful, easy, and preventable. It’s the criminal’s best kept secret. Much stealthier and more effective than dangling CNAMEs. We found many Russian-nexus actors, but we suspect there are more to be found. Please boost for awareness and hope we aren’t rediscovering this attack in another 6 years. Thanks to everyone who contributed to our understanding of the attack and the actors using it … including Proofpoint, @rmceoin Dave Safely, Mandatory, and @briankrebs @dnsoarc #sittingducks #dns #domainhijacking #cybercrime #cybersecurity #infosec #threatintel #malware #phishing #tds #vextrio #404tds #threatintelligence #infoblox @knitcode https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
-
Sometimes people ask us to remove a domain from our blocklists that is part of a malicious traffic distribution system (TDS) because they "visited the url" and didn't get malware. This is like saying "I walked past the armed robber and didn't get robbed." Count yourself lucky. Say no to TDS. #dns #threatintel #cybercrime #malware #phishing #scam #infoblox #cybersecurity #infosec #tds #vextrio #socgholish #clearfake #404tds #adware