Security News > 2024 > February > Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud

More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers.

In the case of VexTrio, tens of thousands of websites are compromised so that their visitors are redirected to pages that serve up malware downloads, show fake login pages to steal credentials, or perform some other fraud or cyber-crime.

VexTrio takes a fee from the crooks running the fraudulent sites for directing web traffic their way, and the miscreants who provided the compromised websites in the first place get a cut.

We're told the TDS also sends netizens to scam websites operated by the VexTrio crew itself, allowing the criminals to profit directly from their fraud.

Interestingly enough, and perhaps as an indicator of the TDS's reach, one strain of malware pushed via VexTrio is SocGholish, aka FakeUpdates, which topped Check Point's list of the most prevalent malware in January, affecting four percent of observed organizations worldwide.

Infoblox said the info-stealing ClearFake malware, documented here by McEoin, is also pushed via VexTrio.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/10/malicious_traffic_broker_vextrio/