

Beyond the smoke screen. [Research Saturday]
Aug 23, 2025
Renée Burton, VP of Threat Intelligence at Infoblox, dives into the world of digital fraud through VexTrio, a traffic distribution system behind extensive scams. She reveals how just 250 virtual machines orchestrate a massive global ad fraud operation, connecting to individuals and shell companies across Europe. The discussion highlights VexTrio’s criminal supply chain—featuring fake apps and dating scams—and calls for accountability in the adtech industry to combat these threats. Burton sheds light on the critical yet overlooked role of cybersecurity in preserving trust in digital ecosystems.
AI Snips
Evolution From Spam To Adtech Powerhouse
- Over the years, VexTrio evolved from spam and dating scams into a sophisticated malicious adtech operation.
- Two origin clusters (Italy spam/dating and Prague DevOps TDS builders) merged and centralized in Lugano around 2020.
TDS Acts As A Cloaked Decision Maze
- Traffic distribution systems (TDS) act as hidden decision mazes that cloak the final malicious destination.
- TDS fingerprint visitors and route them to the most profitable scam or malware landing page.
Scareware Redirects From Trusted Sites
- Users often experience sudden scary popups like fake Windows Defender alerts when redirected from compromised sites.
- Renée Burton described tech support scareware as a typical frightening user encounter with TDS routes.