More than 60 different threat operations, including SocGholish and ClearFake actors, have become affiliates of the massive VexTrio malware brokerage program, making the group the most substantial broker of malicious traffic, The Hacker News reports.
VexTrio operates more than 70,000 domains and provides each of its affiliates, who may have been recruited from dark web sites, with dedicated servers for their attacks, according to a report from Infoblox. Aside from enabling various actors to take part in attack chains, VexTrio was also found to manage numerous traffic distribution system (TDS) networks to drive its profits.
"VexTrio's advanced business model facilitates partnerships with other actors and creates a sustainable and resilient ecosystem that is extremely difficult to destroy. Due to the complex design and entangled nature of the affiliate network, precise classification and attribution are difficult to achieve. This complexity has allowed VexTrio to flourish while remaining nameless to the security industry for over six years," said Infoblox.
Malicious updates have recently been pushed to the Python Package Index package "django-log-tracker," which had not been updated since April 2022, in order to distribute the Nova Sentinel information-stealing malware, The Hacker News reports.