Cybercrime has taken an alarming turn with the discovery of a criminal group known as VexTrio Viper, which specializes in developing and distributing malicious applications disguised as useful tools in official app stores like Google Play and Apple. According to an analysis, VexTrio has launched several applications that present themselves as VPNs, RAM cleaners, dating services, and spam blockers, achieving millions of downloads in total.
The new face of cybercrime
Malicious applications deceive users into signing up for hard-to-cancel subscriptions, in addition to flooding them with ads and stealing personal information, such as email addresses. For example, a user of the Spam Shield block app reported that he was charged multiple times without his consent, thus highlighting the deceptive practices of the group.
Since at least 2015, VexTrio has operated a traffic distribution network that diverts large volumes of internet traffic to scams through its advertising networks. This includes the management of payment processors and email validation tools, creating an ecosystem that makes fraudulent activities harder to trace.
Additionally, VexTrio operates as a network of commercial affiliates, connecting malware distributors with actors promoting fraudulent schemes, reflecting the complexity of their operations. With over 100 companies and brands linked to their activity, this group represents a significant challenge for digital security.
Cybersecurity experts, such as Dr. Renée Burton, suggest that the focus has been excessively on traditional malware, while frauds using malicious advertising technology have not received the same severity in their analysis. This highlights the need for greater education in cybersecurity and awareness of these types of scams.
