VexTrio Hackers Use Fake CAPTCHAs and Malicious Apps on Google Play & App Store to Target Users
gbhackers
Security researchers at Infoblox Threat Intel have revealed the complex workings of VexTrio, a highly skilled cybercriminal network that has been active since at least 2017. This discovery highlights the ongoing dangers in the digital economy.
Formerly known simply as VexTrio, this group, now dubbed VexTrio Viper, leverages advanced traffic distribution systems (TDSs), lookalike domains, and registered domain generation algorithms (RDGAs) to orchestrate global attacks.
Decade-Long Cybercrime Empire
By brokering traffic through the largest known cybercriminal affiliate program, VexTrio delivers malware, scams, and illicit content to users worldwide, making it one of the most pervasive threats observed in enterprise networks.
Their adept manipulation of DNS infrastructure enables seamless redirection chains, often embedding malicious smartlinks in compromised websites, social media platforms like Instagram and Facebook, and even email security tools.
This TDS trifecta not only cloaks landing pages to evade security analysis but also funnels victims into proprietary scam verticals, including ...
Copyright of this story solely belongs to gbhackers.