Blurred Lines: AdTech Abuse Delivers Browser Hijackers Through the Microsoft Store

· Published 02/04/2026 19:24 · Modified 02/04/2026 17:32

Essential information

Published
02/04/2026 19:24
Modified
02/04/2026 17:32
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
microsoft store phantomjack pseudotds trinity cyber
Tags
2026-04-02 microsoft store phantomjack pseudotds trinity cyber
Related entities
77 indicators, 77 observables, 4 techniques (mitre), 2 malware, 27 others

Description

A newly uncovered campaign abuses the Trillion (formerly Trellian) AdTech network, mimicking the flow of a Traffic Direction System (TDS) to trick visitors of typo-squatted domains into downloading apps that contain browser hijacking malware. While the abuse of AdTech networks to deliver malware isn't new, this campaign uses tactics incredibly similar to those of VexTrio and previous TDS networks, further blurring the line between AdTech and malicious TDS systems.

External references