WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content. "VexTrio is a group of malicious adtech companies that distribute scams and harmful software via different advertising formats, including smartlinks and push notifications," Infoblox said in a deep-dive report shared with The Hacker News. Some of the malicious adtech companies under VexTrio Viper include Los Pollos, Taco Loco, and Adtrafico. These companies operate what's called a commercial affiliate network that connects malware actors whose websites unsuspecting users land on and so-called "advertising affiliates" who offer various forms of illicit schemes like gift card fraud, malicious apps, phishing sites, and scams. Put differently, these malicious traffic distribution systems are designed to redirect victims to their destinations through a SmartLink or direct offer. Los Pollos, per the DNS threat intelligence firm, enlists malware distributors (aka publishing affiliates) with promises of high-paying offers, whereas Taco Loco specializes in push monetization and recruits advertising affiliates. Another notable component of these attacks is the compromise of WordPress websites to inject malicious code that's responsible for initiating the redirection chain, ultimately leading…Read More