- The group known as Vane Viper is linked to a major network supporting malvertising, ad fraud, and malware for over ten years.
- Vane Viper operates through shell companies and a complex ownership structure to avoid accountability.
- About 60,000 domains are part of their network, with many only active for less than a month before shutting down.
- The network uses push notification abuse and compromised sites to spread riskware, spyware, and unwanted software, affecting both computers and mobile devices.
- Vane Viper is connected to commercial ad companies like PropellerAds and AdTech Holding, which deny any wrongdoing.
Security researchers from Infoblox, Guardio, and Confiant have revealed that the group called Vane Viper is behind a large-scale network spreading malicious ads and cyber threats worldwide. The findings show the group relies on a complex set of shell companies and hidden ownership to avoid consequences for their actions. Vane Viper has operated for at least a decade, providing infrastructure for malware delivery, phishing, and ad fraud.
Investigators estimate that about 1 trillion DNS queries associated with Vane Viper passed through networks over the past year, impacting about half of Infoblox customer environments. The group manages close to 60,000 domains, using them to redirect users to threats like fake shopping websites, scam surveys, adult sites, sketchy software, and even mobile malware. Some domains stay active for years, while most disappear after a few weeks.
A report explained that Vane Viper abuses web browser push notification permissions, continuing to deliver ads and unwanted notifications even after users leave the original page. This method uses “service workers,” a web technology that enables sites to run background processes in the browser.
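Because a push grant outlives the page that requested it, a useful endpoint check is to list which origins hold notification permission and when each grant was made. The following is an added example, not code from the report or the researchers; it assumes the Chromium profile `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, `setting` 1 = allow, `last_modified` in microseconds since 1601-01-01), and the sample data and origin names are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

ALLOW = 1  # assumed Chromium content-setting value for "allow"; 2 is "block"
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample shaped like a Chromium profile "Preferences" file.
SAMPLE_PREFS = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://news.example:443,*":
            {"last_modified": "13370000000000000", "setting": 1},
        "https://push-offers.example:443,*":
            {"last_modified": "13380500000000000", "setting": 1},
        "https://blocked.example:443,*":
            {"last_modified": "13380000000000000", "setting": 2},
    }}}}
})

def webkit_to_datetime(value):
    """Convert a WebKit timestamp (microseconds since 1601) to UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=int(value))

def notification_grants(prefs_text):
    """Return (origin, granted_at) for every origin allowed to push, newest first."""
    prefs = json.loads(prefs_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
               .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, entry in entries.items():
        if entry.get("setting") != ALLOW:
            continue  # blocked or default entries cannot deliver notifications
        origin = pattern.split(",", 1)[0]  # key is "primary,secondary" pattern
        grants.append((origin, webkit_to_datetime(entry.get("last_modified", "0"))))
    return sorted(grants, key=lambda g: g[1], reverse=True)

def grants_since(prefs_text, cutoff):
    """Grants made at or after cutoff, e.g. the start of an incident window."""
    return [g for g in notification_grants(prefs_text) if g[1] >= cutoff]

if __name__ == "__main__":
    for origin, granted in notification_grants(SAMPLE_PREFS):
        print(f"{granted:%Y-%m-%d %H:%M} UTC  {origin}")
```

Origins returned here can be compared against DNS or proxy logs to see which grants line up with redirect activity, and unwanted grants revoked in the browser's site settings.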
Guardio Labs documented a campaign called DeceptionAds, which used this infrastructure for social engineering attacks. The group was linked to a company named Monetag, described as a subsidiary of the commercial ad network PropellerAds. In turn, PropellerAds is owned by AdTech Holding, based in Cyprus. Domains connected to PropellerAds have previously been flagged for supporting malvertising and distributing malware through exploit kits.
Research suggests Vane Viper shares infrastructure and staff with other companies, such as URL Solutions, Webzilla, and XBT Holdings. URL Solutions has also been linked to Russian disinformation campaigns. Other companies connected to AdTech Holding include ProPushMe, Zeydoo, Notix, and Adex.
While PropellerAds has publicly denied any involvement, calling itself just an automated ad service, analysis shows that many malicious domains and fraudulent ad campaigns originate from its infrastructure. Activity spiked in late 2024, with a new high of 3,500 domains registered in one month.
Infoblox concluded, “Vane Viper isn’t just a threat actor hiding behind an adtech platform. It’s a threat actor as an adtech platform.” They added, “Vane Viper hides behind the plausible deniability of operating as an advertising network, while using their TDS [traffic distribution system] to deliver multiple kinds of threats.”