
WordPress Sites Used to Spread Malware and Phishing
Cybersecurity researchers have uncovered a massive global scam operation run by VexTrio, a network of malicious adtech companies. This group, along with its partners, hijacks compromised WordPress websites to trick users into visiting phishing sites, downloading malicious software, or falling for online scams.
How VexTrio Works
VexTrio uses a system called Traffic Distribution Systems (TDS), which reroutes web users from hacked websites to dangerous destinations. These redirects are often done using tools like SmartLinks or direct ad offers, disguising harmful links as regular ads. The group’s network includes shady ad companies such as Los Pollos, Taco Loco, and Adtrafico—all known for promoting gift card scams, fake apps, and fraudulent websites.
Weaponizing WordPress
As per media reports, a major part of the scammers' strategy involves injecting malicious code into popular WordPress sites. This code automatically redirects visitors through a chain of scam-filled links. Among the well-known infection campaigns used are Balada, DollyWay, Sign1, and DNS TXT record injections. These scripts tap into global traffic networks to secretly deliver malware, often without the user realizing it.
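The injections described above share a defensive fingerprint: a redirect primitive sits next to code that hides the destination. The scanner below is an added example, not code from the article or from the researchers it cites; it walks a WordPress tree and flags only files that show both a redirect signal and an obfuscation signal, after decoding one layer of atob() base64 literals and \xNN escapes so a payload hidden inside an encoded string still trips the redirect check. The regexes, the sample files and the placeholder host tds.example are constructed assumptions for illustration, not indicators of the Balada, DollyWay or Sign1 campaigns.

```python
"""Heuristic scan of a WordPress tree for injected redirect scripts.

Added example for illustration; the regexes and sample files are constructed
assumptions, not indicators published for Balada, DollyWay, Sign1 or VexTrio.
"""
import base64
import binascii
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Signals that a script sends the visitor somewhere else.
REDIRECT_PATTERNS = {
    "location_assign": re.compile(
        r"\b(?:window|document|top|self)\.location(?:\.href|\.replace|\.assign)?\s*[=(]", re.I),
    "meta_refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
}
# Signals that the destination is hidden from a casual reader of the file.
OBFUSCATION_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "atob": re.compile(r"\batob\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "hex_escapes": re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}"),
}
ATOB_LITERAL = re.compile(r"\batob\s*\(\s*[\"']([A-Za-z0-9+/=]+)[\"']\s*\)")
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
CODE_SUFFIXES = {".php", ".js", ".html", ".htm"}


@dataclass
class Finding:
    path: str
    redirect_hits: list = field(default_factory=list)
    obfuscation_hits: list = field(default_factory=list)


def unwrap_layer(text: str) -> str:
    """Append one decoded layer (atob() base64 literals, \\xNN escapes) so a
    redirect hidden inside an encoded payload becomes visible to the regexes."""
    decoded = []
    for m in ATOB_LITERAL.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue  # not valid base64; the raw-text pass still sees the atob() call
    unhexed = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)
    return "\n".join([text, unhexed, *decoded])


def classify(text: str) -> tuple[list, list]:
    """Return the names of redirect and obfuscation signals found in text."""
    view = unwrap_layer(text)
    redirect = [n for n, p in REDIRECT_PATTERNS.items() if p.search(view)]
    obfusc = [n for n, p in OBFUSCATION_PATTERNS.items() if p.search(text)]
    return redirect, obfusc


def scan_tree(root: Path) -> list[Finding]:
    """Flag files showing both signals; either alone is common in clean themes and plugins."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() not in CODE_SUFFIXES:
            continue
        redirect, obfusc = classify(path.read_text(encoding="utf-8", errors="replace"))
        if redirect and obfusc:
            findings.append(Finding(path.relative_to(root).as_posix(), redirect, obfusc))
    return findings


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed stand-ins for files in a WordPress install (not real-world samples).
# "tds.example" is a placeholder host, not a real destination.
SAMPLE_FILES = {
    # Clean: redirect without obfuscation.
    "wp-content/themes/clean/footer.php":
        "<?php wp_footer(); ?>\n<script>document.getElementById('shop').onclick="
        "function(){window.location.href='/shop';};</script>",
    # Clean: base64 without a redirect ("session").
    "wp-content/themes/clean/header.php":
        "<script>const KEY = atob('c2Vzc2lvbg==');</script>",
    "wp-content/plugins/legit/assets/app.js":
        "if (!loggedIn) { window.location = '/wp-login.php'; }",
    # Injected: the redirect is only visible after decoding the atob() payload.
    "wp-content/uploads/cache/inject.php":
        "<?php echo '<script>eval(atob(\"" + _b64("window.location='https://tds.example/'") + "\"));</script>';",
    # Injected: hex-escaped property name plus location.replace().
    "wp-includes/js/bundle.js":
        r'var _0x="\x77\x69\x6e\x64\x6f\x77\x2e\x6c\x6f\x63\x61\x74\x69\x6f\x6e";top.location.replace(decode(_0x));',
}


def build_sample_tree() -> Path:
    """Write SAMPLE_FILES into a fresh temporary directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="wp-scan-"))
    for rel, content in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root


def scan_sample() -> list[str]:
    """Scan the constructed tree and return the flagged relative paths, sorted."""
    return sorted(f.path for f in scan_tree(build_sample_tree()))


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f.path}: redirect={f.redirect_hits} obfuscation={f.obfuscation_hits}")
```

Requiring both signals is what keeps the noise down: a theme that sets window.location on a menu click, or a plugin that base64-decodes a config value, each shows one signal and is left alone, while the two constructed injections are flagged. A second decode layer, or integrity checks against known-good plugin and core file hashes, would be the natural next step for a real deployment.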
Ad Networks Fuel the Scam
The exposed connection between Los Pollos and VexTrio in November 2024 forced a brief halt in one part of the scam network. However, other players like Help TDS and Disposable TDS quickly took over. These platforms act as middlemen, redirecting user traffic to scam sites or monetization platforms like Monetizer, which work similarly using TDS technology.
Links to Russia and Broader Concerns
According to the reports, many domains and servers linked to Help TDS are hosted by Russian providers, suggesting deeper ties to Russian cybercriminal infrastructure. While Help TDS claims independence, its tight connection with VexTrio—shared tools and traffic redirection patterns—suggests coordinated activity.
VexTrio isn't alone. Other shady networks like Partners House, RichAds, and RexPush use push notifications, Firebase Cloud Messaging (FCM), and custom scripts to trick users and deliver scam links directly to their browsers.
The Bigger Picture
Globally, hundreds of thousands of hacked websites now redirect unsuspecting users into VexTrio’s scam web. Though these actors work under the cover of affiliate marketing, many operate in countries with Know Your Customer (KYC) laws. This means that, if enforced, there is enough information to trace these networks back to the real people behind them.
In summary, VexTrio’s global scam network poses a major cybersecurity threat, especially through WordPress vulnerabilities and deceptive adtech platforms. Users are urged to stay vigilant, update their site software, and avoid interacting with suspicious links or ads.