
CyberWire Daily When clicks turn criminal. [Research Saturday]
Nov 15, 2025

Dr. Renée Burton, Vice President of Threat Intelligence at Infoblox, dives deep into the rogue world of Vane Viper, a Cyprus-based entity entwined with one of the largest ad networks, PropellerAds. She reveals how this network operates as a criminal infrastructure, profiting from fraud and disinformation. The conversation uncovers the alarming connection between adtech and organized crime while offering practical advice for users to navigate these treacherous digital waters. Discover the dark side of the ad ecosystem and the implications for online safety.
AI Snips
Discovery Via A Push Notification
- Renée Burton described discovering Vane Viper after a deceptive push-notification pop-up led her to trace domains and DNS records.
- It took about two years of investigation to realize the operator used registered companies as fronts.
Trillion DNS Queries Signal Massive Reach
- Infoblox observed roughly a trillion DNS queries tied to Vane Viper in customer environments over about a year.
- That scale implies massively popular domains reaching both consumers and enterprises worldwide.
Ad Network Acting As Malicious Distributor
- Vane Viper operates as a profit-driven ad network that distributes scams and malware via advertisers and publishers.
- Infoblox observed direct malware drops from IPs owned by the actor, indicating active malicious distribution.
