Blurred Lines: AdTech Abuse Delivers Browser Hijackers Through the Microsoft Store
Essential information
- Published: 02/04/2026 19:24
- Modified: 02/04/2026 17:32
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: microsoft store phantomjack pseudotds trinity cyber
- Tags: 2026-04-02 microsoft store phantomjack pseudotds trinity cyber
- Related entities: 77 indicators, 77 observables, 4 techniques (mitre), 2 malware, 27 others
Description
A newly uncovered campaign abuses the Trillion (formerly Trellian) AdTech network, mimicking the flow of a Traffic Direction System (TDS) to trick visitors of typo-squatted domains into downloading Microsoft Store apps that contain browser-hijacking malware. While the abuse of AdTech networks to deliver malware isn’t new, this campaign's tactics are strikingly similar to those of VexTrio and previous TDS networks, further blurring the line between AdTech and malicious TDSs.