{
  "name": "\"Click to Allow\" Robot Exposes Online Fraud Empire",
  "slug": "click-to-allow-robot-exposes-online-fraud-empire",
  "description": "VexTrio, a cybercriminal organization, has been exposed for running a vast online fraud empire involving scams, spam, and malicious apps. Their operations include fake dating sites, cryptocurrency scams, and deceptive apps that have been downloaded millions of times. VexTrio uses sophisticated traffic distribution systems to deliver their scams, often infringing on well-known brands and celebrities. They also operate extensive spam networks, using lookalike domains of reputable email services. The group's activities extend beyond their core fraud business, with connections to seemingly legitimate enterprises in various industries. Despite operating for 15 years, VexTrio has managed to avoid legal consequences, highlighting the challenges in combating such large-scale online fraud operations.",
  "published": "2025-08-12T16:54:49+00:00",
  "created_at": "2025-08-12T16:54:49+00:00",
  "modified_at": "2025-08-12T17:55:59+00:00",
  "created_at_opencti": "2025-08-12T16:54:49+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-08-12",
    "affiliate marketing",
    "cryptocurrency fraud",
    "cybercrime",
    "dating scams",
    "malicious apps",
    "scams",
    "spam",
    "traffic distribution"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "www.pattern-trader.net"
      },
      {
        "id": "",
        "name": "vm-technitrade.holacode.tech"
      },
      {
        "id": "",
        "name": "vm-oilimpex.holacode.tech"
      },
      {
        "id": "",
        "name": "spf.smtp.com"
      },
      {
        "id": "",
        "name": "spf.ynotmail.com"
      },
      {
        "id": "",
        "name": "smtp.trafficiq.com"
      },
      {
        "id": "",
        "name": "mail.holaco.de"
      },
      {
        "id": "",
        "name": "eugene-ios-mvp.apperito.dev"
      },
      {
        "id": "",
        "name": "telychko.com"
      },
      {
        "id": "",
        "name": "trafficiq.com"
      },
      {
        "id": "",
        "name": "sendgrid.rest"
      },
      {
        "id": "",
        "name": "place-more-prizes.life"
      },
      {
        "id": "",
        "name": "multipleprofit-now.life"
      },
      {
        "id": "",
        "name": "mailgun.fun"
      },
      {
        "id": "",
        "name": "holacode.tech"
      },
      {
        "id": "",
        "name": "hedonism.global"
      },
      {
        "id": "",
        "name": "fidelitymail.com"
      },
      {
        "id": "",
        "name": "fidelityemail.com"
      },
      {
        "id": "",
        "name": "fastminingpro.com"
      },
      {
        "id": "",
        "name": "empowermanpower.com"
      },
      {
        "id": "",
        "name": "defendyourpc.com"
      },
      {
        "id": "",
        "name": "datingcell.com"
      },
      {
        "id": "",
        "name": "datasnap.ch"
      },
      {
        "id": "",
        "name": "cuddlydating.com"
      },
      {
        "id": "",
        "name": "cryptoprofit.life"
      },
      {
        "id": "",
        "name": "bit-wagifouzolu.top"
      },
      {
        "id": "",
        "name": "articheck.ch"
      },
      {
        "id": "",
        "name": "base-fastbitco.top"
      }
    ],
    "intrusion_sets": [
      {
        "id": "416b1b6f-63c3-4c69-bc29-231cba9a327d",
        "name": "VexTrio",
        "slug": "vextrio"
      }
    ],
    "attack_patterns": [
      {
        "id": "7616ff60-a18f-4663-9824-b889aa01c8ce",
        "name": "T1588"
      },
      {
        "id": "9c5a20d1-0df9-4e99-bcc5-0b731a78b5d1",
        "name": "T1608"
      },
      {
        "id": "1e043fe4-2413-4b8e-887c-0fe45d095a24",
        "name": "T1583"
      },
      {
        "id": "fe6f2946-a01e-460c-9636-8c48b45dd0e6",
        "name": "T1189"
      },
      {
        "id": "5dee2969-7083-430e-9083-73bab54c3a18",
        "name": "T1590"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      },
      {
        "id": "c340d47a-2ea8-41ca-9a0b-a72559b89bbf",
        "name": "T1584"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ]
  },
  "external_refs": [
    "https://blogs.infoblox.com/threat-intelligence/vextrio-unmasked-a-legacy-of-spam-and-homegrown-scams",
    "https://otx.alienvault.com/pulse/689b8df946fb62b515c0392e"
  ]
}