What is the Real Relationship between WordPress Hackers and Malicious Adtech?
Essential information
- Published: 13/06/2025 07:59
- Modified: 13/06/2025 08:28
- Tags: 2025-06-13 adtech affiliate networks balada dns dollyway hackers malware push notifications sign1 tds wordpress
- Related entities: 83 observables, 1 intrusion sets (apt), 8 techniques (mitre), 3 malware, 4 others
Description
An investigation into VexTrio, a malicious traffic distribution system (TDS), revealed surprising connections between WordPress hackers and adtech companies. When VexTrio's operations were disrupted, multiple malware actors migrated to a new TDS that was discovered to be related to VexTrio. Several commercial TDSs were found to share software elements with VexTrio and benefit from its relationship with website malware actors. The investigation uncovered a complex network of adtech firms, including Partners House, BroPush, and RichAds, that use similar technologies and tactics to distribute malicious content. These firms have information about the identities of malware actors, which could potentially lead to their disruption.