
VexTrio Unveiled: Global Cybercrime Enterprise Exposed As Sophisticated Multinational Ad-Fraud Operation
More than a group of anonymous hackers, VexTrio is a sophisticated merger of Italian and Eastern European criminal factions that control nearly 100 companies across the adtech, energy and construction industries, using them to orchestrate a global ad-fraud scheme worth billions.
VexTrio operates an end-to-end scam supply chain, controlling everything from the development of fraudulent apps to the payment processors that collect the profits. Several adtech companies – Los Pollos, TacoLoco and Adtrafico – pose as legitimate affiliate marketing networks. These entities serve as the public face for a criminal operation that leverages compromised websites, malicious spam and fraudulent social media campaigns to funnel millions of victims into scams.
"For years, we thought that VexTrio was just a group of basement hackers," said Dr. Renée Burton, Vice President of Infoblox Threat Intel. "This investigation proves that behind the malicious links is a highly organised, multinational corporate entity that has been profiting from fraud on a massive scale. They have built an entire adtech industry to conceal their crimes in plain sight."
Key Findings
Massive Scale and Reach: In 2024, VexTrio's affiliate network Los Pollos claimed over 2 billion unique monthly users, and GoDaddy found that nearly 40 per cent of compromised websites it observed were redirecting traffic to VexTrio. One of the group's core Content Delivery Network (CDN) domains ranks in the top 10,000 most popular domains globally.
End-to-End Criminal Control: VexTrio develops its own fraudulent products, from fake dating sites to e-commerce and crypto investment platforms. It runs its own payment processors and operates email validation services to support massive spam campaigns.
Highly Profitable Scams: The group's network offers affiliates over $100 per lead for fraudulent antivirus products and promoted "blank credit card" scams with promises of six-figure paydays and up to 300 per cent ROI.
Sophisticated and Resilient Infrastructure: The entire global operation runs on a lean infrastructure of fewer than 250 virtual machines, utilising advanced automation tools, multiple hosting providers and legitimate CDN (Content Delivery Network) services to evade detection and ensure resiliency.
Corporate Web of Deceit: VexTrio hides behind shell companies that pose as legitimate adtech firms, operating several brands under the guise of affiliate marketing, while simultaneously being responsible for many types of fraud.
The report highlights the role of adtech platforms in facilitating large-scale cybercrime and underscores the need for stronger accountability measures. The findings reveal how VexTrio's use of networks such as Los Pollos, TacoLoco and Adtrafico not only provides reach but also creates a potential point of exposure – as these platforms vet and track affiliates, they hold valuable intelligence to help identify the actors responsible for compromising countless websites and defrauding millions of users worldwide.
About Infoblox
Infoblox unites networking, security and cloud to form a platform for operations that's as resilient as it is agile. Trusted by 13,000+ customers, including 92 of the Fortune 100, we seamlessly integrate, secure and automate critical network services so businesses can move fast without compromise. Visit infoblox.com, or follow us on LinkedIn.
Related Articles


Techday NZ
17 hours ago
- Techday NZ
VexTrio exposed as global ad-fraud empire with billions in play
Infoblox Threat Intel has released details exposing the VexTrio threat group as a global business enterprise involved in large-scale ad-fraud activity. Previously categorised as a major participant in malicious traffic distribution systems, VexTrio is now understood to be a complex multinational corporate entity with a network of nearly 100 companies spanning the adtech, energy and construction sectors. The network reportedly underpins an ad-fraud scheme valued in the billions.
Criminal structure
The investigation by Infoblox Threat Intel outlines that VexTrio is not merely an assembly of hackers, but a merger of Italian and Eastern European criminal groups. They use a structural network of businesses to obfuscate fraudulent activities. Named executives run operations which, according to the findings, have persisted for more than a decade.
VexTrio is described as managing a comprehensive scam supply chain, controlling all elements from the creation of fraudulent applications to the operation of payment processors that collect illicit proceeds. Prominent adtech brands within the network, including Los Pollos, TacoLoco, and Adtrafico, function as outwardly legitimate affiliate marketing platforms while, in reality, serving the group's criminal operations.
"For years, we thought that VexTrio was just a group of basement hackers," said Dr. Renée Burton, Vice President of Infoblox Threat Intel. "This investigation proves that behind the malicious links is a highly organised, multinational corporate entity that has been profiting from fraud on a massive scale. They have built an entire adtech industry to conceal their crimes in plain sight."
International reach
Infoblox reports that VexTrio's reach is substantial. In 2024, their affiliate network Los Pollos reported more than 2 billion unique users each month. GoDaddy, reviewing compromised websites, found that around 40 percent were redirecting traffic to VexTrio. Additionally, one of the group's core Content Delivery Network domains ranks among the world's top 10,000 most visited domains.
The breadth of control extends to fraudulent product development, encompassing fake dating platforms, eCommerce portals and cryptocurrency investment websites. VexTrio operates its own payment processing and runs email validation services, enabling high-volume spam campaigns used to direct new victims into their schemes.
Financial incentives and technical setup
According to Infoblox, affiliates operating through VexTrio's network are offered incentives surpassing USD $100 per lead for fraudulent antivirus products. Some schemes, such as "blank credit card" scams, are promoted with claims of returns in the six-figure range and up to 300 percent return on investment.
The underlying infrastructure supporting the network is described as efficient and advanced. Despite its scale, VexTrio reportedly runs fewer than 250 virtual machines globally, employing automated tools and leveraging multiple hosting and legitimate Content Delivery Network providers to avoid detection and ensure ongoing operations. This technical approach enables the group to remain both resilient and difficult to track.
Business fronts and adtech complicity
Central to VexTrio's evasion tactics is its use of shell companies and the portrayal of its businesses as reputable adtech providers. The investigation highlights that these companies operate under several brands in the affiliate marketing space, while simultaneously conducting various forms of fraud.
The report by Infoblox suggests that adtech industry platforms facilitate the expansion of cybercrime at scale. The research further notes that affiliate networks such as Los Pollos, TacoLoco, and Adtrafico not only increase the syndicate's reach but represent potential points of exposure. As these networks track affiliate activities, they hold intelligence capable of identifying those responsible for website compromises and widespread defrauding of internet users.
Researchers argue that these findings underscore the need for increased accountability and transparency in the adtech sector. The examples of compromised affiliates and fraudulent affiliate marketing tactics are presented as risks to internet safety and business integrity worldwide.


Scoop
17 hours ago
- Scoop
VexTrio Unveiled: Global Cybercrime Enterprise Exposed As Sophisticated Multinational Ad-Fraud Operation
Press Release – Infoblox
Auckland, 18 August 2025 — Infoblox Threat Intel has revealed new findings on threat actor 'VexTrio'. Once known only as a major player in malicious traffic distribution systems (TDS), VexTrio has now been exposed as a sprawling international business enterprise — complete with a complex corporate structure, named executives and operations spanning over a decade.