Security News > 2024 > January > VexTrio TDS: Inside a massive 70,000-domain cybercrime operation
A previously unknown traffic distribution system named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites.
A new report by Infoblox focuses on a much larger-scale TDS operation named VexTrio, which works with notorious cybercrime campaigns and operators like ClearFake and SocGholish, among others.
VexTrio has been identified by Infoblox as a highly pervasive entity within the cybercrime landscape, commanding a massive network that plays a central role in the distribution of malicious content.
VexTrio also extends its reach by partnering with at least 60 entities, or affiliates, who forward traffic from their resources, such as compromised websites, to VexTrio's TDS servers.
ClearFake has been a VexTrio affiliate for five months, but instead of directly forwarding traffic to the platform's TDS servers, it uses the Keitaro service as an intermediate redirection point.
The SocGholish malware campaign has also collaborated with VexTrio since at least April 2022, according to Infoblox, also relying on the Keitaro TDS service for a midpoint bounce.