A recent report by researchers has revealed that a network of over 70,000 hijacked websites, known as VexTrio, is being used to distribute malware, serve phishing pages, and engage in other fraudulent activities. The network has been functioning since 2017 or earlier, but details about its operation have only recently emerged. VexTrio operates similarly to traffic distribution systems used in marketing, redirecting visitors of compromised websites to pages that contain malware downloads or fake login screens. At least 60 affiliates are involved in the network, providing compromised websites and receiving a share of the profits from redirecting web traffic. Check Point classified VexTrio as a “considerable” security risk in its January global threat index. One strain of malware pushed via VexTrio, known as SocGholish, was the most prevalent malware in January, affecting four percent of observed organizations worldwide. Another malware strain, ClearFake, is also pushed via VexTrio. Additionally, ransomware groups such as LockBit3 and 8Base have had a strong start to 2024. However, the reliability of these numbers, which are based on leak sites operated by ransomware groups, is uncertain.
VexTrio network hacking sites, spreading malware in stealthy style