
During routine review of zero-hour alerts, the Menlo Security Threat Intelligence team discovered users visiting compromised sites. These sites are part of a larger cybercrime organization, VexTrio, which operates a Traffic Direction System (TDS). We saw two notable campaigns associated with this organization and what appeared to be an infrastructure change. In this write-up we discuss what we observed from the victim's point of view while visiting this cybercrime ring's infrastructure.
Traffic Direction System (TDS): a system that uses a network of compromised servers to route victims to domains that distribute malware, serve ads, or run scams.
VexTrio runs an affiliate program that gives affiliates access to its TDS. Attackers compromise WordPress websites and inject malicious JavaScript that routes visitor traffic to the TDS when specific criteria are met (discussed below). Depending on the victim's operating system (OS) fingerprint, the TDS routes them to different affiliates. We focus on two campaigns into which Menlo has unique insight: the "Bella turned Shaul" campaign and "ClearFake".
Menlo Security
