Scammers DO take vacations. Lots of them. These are social media from VexTrio key figures - tons more where these came from.
Don't blame the victim, blame the guy on a private jet to a Coldplay concert. fr fr.
Last week we released the first of a three part VexTrio origin story. The second part is now available. This research includes more than 200 open source references to help others validate the results and start their own investigations.
As of Tuesday, August 5th, all of those links were valid and all went directly to open material …. so anything that is gone, or social media that is now closed… welp, that's the actors, not us. Feel free to report missing things in this thread. :)
The second part of this story focuses on the VexTrio activities that extend beyond their well-known traffic distribution systems (TDS). Enjoy.
#dns #threatintel #scam #tds #infoblox #spam #cybercrime #cybersecurity #infosec #malware
I'm slightly amused by this phishing email. It's spoofing the "suspicious login activity" emails that we all get, but because it's fake and you obviously are not the person who is said to have logged in, the button can't say "This was me."
Instead, the prompt is reversed to say "This Wasn't Me."
I have to imagine the first version of this malicious email was composed in error and it actually did read "This Was Me" which would result in even the most gullible person not clicking it.
2025-08-11 (Monday): Quick post of an #XLoader ( #Formbook ) infection, with a #pcap, email, and #malware sample available at https://www.malware-traffic-analysis.net/2025/08/11/index.html
VexTrio's origins come from two distinct groups: an Italian group we can date back to 2004 and a Russian-speaking Eastern European group. The Italians were quite successful early on, with a dating app that was among the fastest growing on Facebook in 2012. But our guess is that their profits slid in the years that followed. In 2020, there is a merger-acquisition which leaves the Eastern Europeans in charge. They gain the trademarks, knowledge in spam distribution, and who knows what else.
While developers remain in eastern Europe, VexTrio created business headquarters in Lugano, Switzerland. This includes the existing AdsPro, which developed the Los Pollos, Taco Loco, and Adtrafico traffic distribution systems (TDS) through their software company HolaCode. (ok it's more complicated than that, but this is the cliffsnotes version). We have identified nearly 100 businesses associated with 8 key figures in many industries, including construction, energy, and advertising.
So in the end, what is VexTrio? It's hard to say. We originally used it to refer to the TDS. Nice clean lines... but now, for us it is all the people and their labyrinth of companies.
We spoke at BlackHat last week so if you have a briefings pass you can listen to that. Otherwise, find our research online and start your own investigation.
Researchers cracked the encryption used by #DarkBit #ransomware
https://securityaffairs.com/181064/malware/researchers-cracked-the-encryption-used-by-darkbit-ransomware.html
#securityaffairs #hacking #Iran #Israel #malware
WinRAR zero-day CVE-2025-8088 exploited by Russian hacker group RomCom in targeted attacks on financial & defense sectors
Malicious RAR files drop stealthy malware on extraction. Update to v7.13 NOW to stay protected!
#WinRAR #ZeroDay #Cybersecurity #Malware #RomCom https://www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/
#newz
It's not just #ai @scibooks is freely circulating #copyright material & every #mod should #ban to support the scientists whose living they're stealing
The website and advertisers also circulate #malware
That @physics regularly boosts these posts demonstrates that they don't care about the well-being of the #physicists, their rights over their own #physics work or the security of their own followers.
If they persist, these should also get blocked by all #scientists with a conscience
#science
#Adult sites are stashing #exploit code inside racy .svg files
Dozens of #porn sites are turning to a familiar source to generate likes on #Facebook — #malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle for sowing this malware—.svg image files.
#svg #security
Friendly reminder for all WinRAR users, since WinRAR has no automatic update mechanism:
It's time to update to version 7.13, grab it here: https://www.win-rar.com/
The now-patched vulnerability CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.
Fake #WhatsApp developer libraries hide destructive data-wiping code
Just a reminder - @mjwalk and I talk malware in DNS later today!
If we get time, we might even read y’all in on a brand new mystery we’re trying to track down.
DEF CON 33: Attending Plain TXT, Malicious Context: Uncovering DNS Malware on Aug 8, 2025 at 15:10 in LVCC - L1 - Exhibit Hall West 1 - 303 (Malware Village)
#hackertracker
I promised another shoe would fall... here is part one of the VexTrio origin story. It is just too big for one entry, so a few more will come in the next few weeks... and this is still a small fraction of what we know. The story of malicious adtech has long legs.
We had great reception at BlackHat. One of the most common questions was: why are you giving this talk? Simple. It's a story that needs to be told and one that is too big to carry alone. We are looking for message carriers in the media, champions in the government, partners in the industry.
Organized crime, predominantly Russian speaking, has a strong foothold in the advertising world - and they are ensuring the delivery of everything from dating scams to information stealers. Let's root them out together.
boosts for awareness appreciated.
#dns #threatintel #scam #malware #infosec #cybersecurity #cybercrime #infoblox
https://blogs.infoblox.com/threat-intelligence/vextrios-origin-story-from-spam-to-scam-to-adtech/
Black Hat: If it’s smart, it’s vulnerable
There were many new attack methods on show at the Black Hat security conference. Optimism is the order of the day: software is becoming increasingly secure.
11 malicious Go packages just found — infecting both Windows and Linux.
They silently download payloads, hijack shells, and can steal browser data.
Worse: they look legit, preying on confused devs importing from GitHub. #CyberAlerts #Malware https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html
Researchers warn: Previously unknown Linux backdoor has been active for months - Golem.de
https://www.golem.de/news/forscher-warnen-bisher-unbekannte-linux-backdoor-ist-seit-monaten-aktiv-2508-198822.html #Cybercrime #Linux #Backdoor #Malware
Microsoft's Project Ire is building an autonomous system that uses specialized tools to reverse engineer and automatically dissect software files to understand how they work, what they do, and whether they're malicious or benign. This kind of deep analysis is typically performed by human security experts.
Through iterative analysis, the LLM calls specialized tools through an API to identify and summarize key functions. Each result feeds into a “chain of evidence,” a detailed, auditable trail that shows how the system reached its conclusion. This traceable evidence log supports secondary review by security teams and helps refine the system in cases of misclassification.
https://www.microsoft.com/en-us/research/blog/project-ire-autonomously-identifies-malware-at-scale/ #Microsoft #Software #Malware #Security #Ire #AI
#security #malware #DigitalLiteracy
'When it comes to cybersecurity, humans are often seen as the weakest link, but new research suggests that with a little help, people can do a surprisingly effective job at identifying malware.'
https://uwaterloo.ca/news/media/youre-better-spotting-malware-you-think