A Dark Adtech Empire Fed by Fake CAPTCHAs
a year ago
- #disinformation
- #cybersecurity
- #malvertising
- Kremlin-backed disinformation campaigns use malicious advertising technology to bypass social media moderation.
- Doppelganger, a pro-Russian disinformation network, uses domain cloaking to spread fake news through cloned websites.
- Doppelganger shares infrastructure with VexTrio, a malicious traffic distribution system (TDS) linked to phishing and malware.
- LosPollos and TacoLoco, sketchy affiliate marketing services, drive traffic to VexTrio via hacked WordPress sites.
- LosPollos and TacoLoco are linked to Adspro Group, operated by Giulio Vittorio Leonardo Cerutti.
- VexTrio and TacoLoco use deceptive CAPTCHA challenges to trick users into enabling push notifications for scams.
- Nearly 40% of compromised websites in 2024 redirected visitors to VexTrio via LosPollos smartlinks.
- Adspro rebranded to Aimed Global after Qurium and Infoblox exposed its operations.
- DollyWay malware shifted from VexTrio to Help TDS, revealing ties to other Russian-based TDS operators.
- Infoblox warns that Russian organized crime controls malicious adtech, delivering info stealers and scams.
- Users should limit approving web notifications and adjust browser settings to block them entirely.
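
To act on the last point, a defender can first check which sites already hold notification permission. The script below is an added example, not part of the original article. It assumes the Chromium `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, where setting 1 = allow, 2 = block, 3 = ask) and runs on constructed sample data with placeholder origins.

```python
import json

# Chromium content-setting values (assumed layout): 1 = allow, 2 = block, 3 = ask.
ALLOW, BLOCK = 1, 2

# Constructed sample of a Chromium "Preferences" file, trimmed to the keys this
# audit reads. Origins are placeholders, not indicators from the article.
SAMPLE_PREFS = json.dumps({
    "profile": {
        "default_content_setting_values": {"notifications": 3},
        "content_settings": {"exceptions": {"notifications": {
            "https://news.example:443,*": {"setting": 1},
            "https://captcha-check.example:443,*": {"setting": 1},
            "https://shop.example:443,*": {"setting": 2},
        }}},
    }
})


def audit_notifications(prefs_text):
    """Return (default_blocks_all, sorted origins allowed to send notifications)."""
    profile = json.loads(prefs_text).get("profile", {})
    # A missing default means the browser asks per site, so it does not block.
    default = profile.get("default_content_setting_values", {}).get("notifications")
    exceptions = (profile.get("content_settings", {})
                  .get("exceptions", {})
                  .get("notifications", {}))
    allowed = []
    for pattern, entry in exceptions.items():
        if isinstance(entry, dict) and entry.get("setting") == ALLOW:
            # Keys look like "<origin>,<embedder pattern>"; keep the origin.
            allowed.append(pattern.split(",", 1)[0])
    return default == BLOCK, sorted(allowed)


if __name__ == "__main__":
    blocks_all, allowed = audit_notifications(SAMPLE_PREFS)
    print("Default blocks all notification prompts:", blocks_all)
    for origin in allowed:
        print("Allowed to push notifications:", origin)
```

Any origin listed as allowed that the user does not recognise is a candidate for removal in the browser's site settings. A default of 2 means new notification prompts are suppressed entirely.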