Threat actors have compromised 70,000 previously legitimate websites and created a powerful network capable of distributing malware.

Named VexTrio, this network of compromised websites appears to have started in 2017, but it’s only more recently that details around its activity have emerged. As well as distributing malware, the VexTrio network also utilizes phishing pages, and allows the VexTrio hackers to harvest login credentials. The campaign is a significant one, and one which is powerful enough to cause harm to anyone who gets caught up in its operations. Therefore, it’s time to take a look at the VexTrio campaign to see what we can learn.

Understanding the VexTrio Network

The VexTrio campaign relies on a malicious traffic distribution system (TDS) to lead unsuspecting internet users to compromised websites. A TDS is, in simple terms, a web application used to analyze and filter incoming traffic and, following the analysis, redirect it to a specific page. Typically, the activities of a TDS are facilitated by malvertising activities or malicious websites. VexTrio favors using malicious websites.

Working with a number of affiliates, many of whom offer access to hijacked websites, VexTrio has managed to amass a sizeable network over the last seven years. And VexTrio are very much the middle-man in the operation. For a fee, VexTrio will feed incoming traffic through their TDS and forward innocent victims towards the websites they’re mostly likely to be interested in. It’s very similar to legitimate advertising networks, but with a vicious sting in its tale.

The malicious websites which comprise the VexTrio network contain a wide range of threats. For example, one of the affiliates, known as ClearFake, tricks users into downloading what is claimed to be a browser update, but is little more than malware. SocGholish, another well-known malware threat, is part of the VexTrio network and uses it to push unauthorized access to corporate websites.

Don’t Fall Victim to VexTrio

The threat of VexTrio is a substantial one, and organizations need to be aware of the damage it can cause. Luckily, you can protect yourself and your IT systems by implementing the following best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


It’s difficult to avoid online ads these days. This makes them the perfect target for hackers. And this is what they have done with the Bumblebee malware. 

It’s estimated that the average American is exposed to between 4,000 to 10,000 online ads a day. And each one of these ads has the potential to carry malware. Therefore, it’s not surprising that threat actors have started exploiting them. This recent attack, however, has also employed SEO poisoning in its campaign – this is a method by which hackers create malicious websites and tempt visitors there with high-demand keywords. 

Bumblebee, then, is a credible threat to your organization and its IT systems. Consequently, it’s important that you know how it operates and, most importantly, how to avoid it. 

What Do You Need to Know about Bumblebee? 

First discovered in April 2022, the Bumblebee malware is classed as a ‘malware loader’ variant. This means that it is used to connect a remote attacker directly with the infected system. It’s believed that Bumblebee comes from the same hacking group behind BazarLoader. Bumblebee, however, is more powerful and is backed by enhanced stealth capabilities. So, not only is it capable of causing greater damage, it’s also harder to detect. This, as I’m sure you’ll agree, is the last thing any PC owner wants to hear. 
 
The most common approach for Bumblebee is to use Google Ads to lay bait for unsuspecting PC owners. For example, a Google Ad promising a free SQL to NoSQL guide was used to redirect those who clicked it to a fake download page. We say “a fake download page” but it did, in fact, take people to a page where a download occurred. Instead of a free guide, though, it instead downloaded Bumblebee. This malware was then opened and, to reduce detection, loaded Bumblebee into the infected system’s memory. 

Typically, Bumblebee has been targeting businesses rather than consumers. Ransomware, therefore, has been at the front of the threat actors’ operations. But this is achieved through highly detailed planning. Upon the initial infection, Bumblebee quickly downloads a series of malicious tools such as remote access services, network scanning apps and keystroke loggers. This strategy allows the attackers to identify weak spots and deploy ransomware where it will be most effective. 

How Do You Beat Bumblebee? 

All business owners can agree that ransomware is a headache they can do without. So, how do you keep your systems safe from the Bumblebee attack? Well, you may be surprised that the following tips make it very easy: 

  • Keep your software up to date: malicious ads often take advantage of vulnerabilities in outdated software. By keeping your web browser, operating system, and other software up to date, you can reduce your risk of falling victim to malvertising attacks

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


Despite experiencing a major obstacle a year ago, in the form of Google’s anti-malware efforts, the Glupteba malware is back.

First discovered in 2011, Glupteba is a veteran of the malware scene, although one which goes through periods of intense activity before disappearing for years at a time. A classic botnet, Glupteba has always focused on stealing data, but it has also made sure it has a backup plan in the form of targeting router exploits. Therefore, the news of its re-emergence is troubling for your IT infrastructure. And, given that Glupteba has been updated to be even stronger than ever before, you’re going to need to be on high alert.

Thankfully, we’re on hand to look at this malware and provide some critical advice on how to protect your organization.

Glupteba’s Latest Campaign

Following Google’s disruption of Glupteba’s botnet, which operated on the blockchain, Glupteba went quiet for several months. However, in June 2022 it was discovered that a new campaign had been launched, one which remains active as of this time of writing. Glupteba’s latest strategy targets Windows devices and has set its sights on harvesting data, using infected devices to mine cryptocurrency and setting up unauthorized proxies.

Glupteba is transmitted via traditional infection methods which include malicious installers (typically promoting themselves as free software installers) and through malvertising campaigns. As Glupteba is blockchain enabled, this gives it the ability to constantly change the command and control servers it uses. And, as it uses blockchain transaction data (which cannot be erased) to facilitate its attack, it’s very difficult to make a dent in the power of Glupteba’s botnet. These attacks often employ TOR services as well, a move which makes tracing the attacks next to impossible.

Staying Safe from Glupteba

One word in particular keeps being used when discussing Glupteba’s latest campaign: resilient. The source of its resilience comes from its design, one that uses deception and stealth to protect its operators and ensure it continues to spread. But this doesn’t mean you need to fall victim to Glupteba. If you make sure you follow good cybersecurity practices, you should be able to keep your IT infrastructure safe. All you have to do is:

  • Understand the threat of malvertising: the internet is full of malicious adverts, but there are ways you can make your PC safer. The simplest way to do this is by installing an ad-blocker, these will block both irritating and malicious adverts, so it’s a win-win situation. Malvertising is also known to use exploits to spread its payload, so you need to make sure your browsers are fully patched and up to date.
  • Monitor network activity: as Glupteba is a botnet, its operations are likely to lead to a spike in network traffic. And, if unauthorized proxies have been set up, this network activity is likely to go stratospheric. Therefore, you need to keep your network activity monitored to help you analyze any anomalies which may act as an early warning system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The world of malware is a complex one due to the sheer variety of forms it can take. And it’s these differences which make it difficult to deal with.

The term malware is generally used as an all-encompassing term to describe a piece of malicious software. But, over the years, many different strains of malware have emerged as hackers evolve their tools and techniques. These strategies are often put into action to help avoid detection, but sometimes these new strains are the result of changes in technology.

Regardless of the reasons for developing a new malware variant, the end result is the same: a threat to your PC.

It’s vital that these threats are countered to protect your networks and your data; the best way to secure this safety is by understanding the different types of malware.

Identifying the Most Common Malware Variants
It’s difficult to put a precise number on all the malware strains that are out in the digital wild, but these are five of the most common forms:

1. Ransomware: One of the most debilitating forms of malware, in terms of finance and productivity, ransomware has generated many headlines over the last few years. It’s a type of malware which infects PCs and encrypts crucial files. The only way to decrypt these locked files is by paying a ransom, usually demanded in an untraceable cryptocurrency, in order to obtain a key for their release.

2. Malvertising: We all find online adverts irritating, but usually all we have to do is either close or mute the advert. With malvertising, however, things are more sinister. A new take on malware, malvertising laces legitimate online adverts with malicious files . And what’s most troubling about this malware strain is that it doesn’t require any user action e.g. clicking on the advert. If the advert runs then the malware is active.

3. Botnets: Hackers like to strengthen their attacks and one of the simplest ways for them to achieve this is by infecting large numbers of PCs. By collecting together whole networks of PCs, a hacker can use these numbers, and associated processing power, to launch large attacks on other networks and websites. These botnets are created through malware attacks and are causing particular problems within IoT networks.

4. Spyware: Data is crucial to organizations and, due to its value, is also highly prized by hackers. Not only can data be used to access secure systems, but financial data is extremely valuable. Therefore, hackers are keen to steal this data; spyware represents one of the easiest methods of achieving this. Once a PC is infected with spyware it’s every action is monitored, logged and transmitted e.g. keystrokes are recorded to reveal sensitive login details.

5. Fileless Malware: One of the more recent developments in malware, fileless variants are exactly what they sound like: no files necessary. Fileless malware sidesteps the traditional route of operating within the hard drive and, instead, works within a PCs memory. This is a clever approach as anti-malware software concentrates on hard drive activity. From the relative safety of a PCs memory, fileless malware leaves little evidence of its presence.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More