{"id":101651,"date":"2025-09-17T17:08:27","date_gmt":"2025-09-17T13:08:27","guid":{"rendered":"https:\/\/techxmedia.com\/en\/?p=101651"},"modified":"2025-09-17T17:08:27","modified_gmt":"2025-09-17T13:08:27","slug":"infoblox-threat-intel-exposes-vane-viper-adtech-scam","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/infoblox-threat-intel-exposes-vane-viper-adtech-scam\/","title":{"rendered":"Infoblox Threat Intel Exposes Vane Viper AdTech Scam"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Infoblox\">Infoblox<\/a> Threat Intel has revealed new findings on \u201cVane Viper,\u201d a threat actor posing as a legitimate adtech company. The group runs affiliate advertising programs and is directly involved in malware distribution.<\/p>\n\n\n\n<p>Researchers reported tracking Vane Viper, first known as Omnatuor, for over three years. The group is widespread, with malvertising domains seen in about 50% of customer networks. According to Tranco, several domains rank in the top 10k globally, with one tracking domain reaching the top 1k.<\/p>\n\n\n\n<p>Infoblox Threat Intel discovered that Vane Viper operates as AdTech Holding, the parent company of PropellerAds. The report revealed that the company profits from compromised websites and deceptive ads used to spread malware and digital fraud campaigns.<\/p>\n\n\n\n<p>After years of DNS detections, researchers engaged with Vane Viper\u2019s traffic distribution system (TDS). They found the group to be an active participant in malicious activity, not just an abused provider. PropellerAds reportedly delivered harmful content and even malware directly to Infoblox researchers.<\/p>\n\n\n\n<p>Key findings include:<br>\u2022 Vane Viper generated over 1 trillion DNS queries in the past year.<br>\u2022 It operates through PropellerAds and other subsidiaries using compromised sites and ads.<br>\u2022 Over 60,000 domains are linked, many active for days, some for more than 1,200 days.<\/p>\n\n\n\n<p>The research also found infrastructure overlaps with Webzilla\/XBT Holdings, previously linked to Methbot ad fraud and Russian disinformation campaigns.<\/p>\n\n\n\n<p>Dr. Ren\u00e9e Burton, VP of Threat Intel at Infoblox, said that <a href=\"https:\/\/techxmedia.com\/en\/?s=cybercriminals\">cybercriminals<\/a> are no longer just exploiting adtech platforms, but sometimes are the platforms themselves.<\/p>\n\n\n\n<p>The report concluded that malicious actors are leveraging the adtech ecosystem for fraud and malware delivery, putting global digital safety at risk.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Infoblox Threat Intel has revealed new findings on \u201cVane Viper,\u201d [&hellip;]<\/p>\n","protected":false},"author":58,"featured_media":101667,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9621],"tags":[1051],"contributor":[9732],"class_list":["post-101651","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-emerging-technologies","tag-vendors","contributor-news-desk"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2025\/09\/Infoblox.jpg","author_info":{"display_name":"Lubna","author_link":"https:\/\/techxmedia.com\/en\/author\/lubna\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/101651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=101651"}],"version-history":[{"count":1,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/101651\/revisions"}],"predecessor-version":[{"id":101652,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/101651\/revisions\/101652"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/101667"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=101651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=101651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=101651"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=101651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}