VexTrio User Experience 2/N ....

It starts by visiting a compromised website and performing a fake captcha. This allows them to push notifications. In one thread, you may accept pushes from both VexTrio and an affiliate. Now your phone is filled with a wide variety of scams and sketchy apps.

Below is
* The VexTrio fake captcha (there are several variants of this)
* A typical screen for me these days

Mostly scams. I did have one push notification "from God" with a message for me. Clicking on that took me to beliefnet[.]com and then to the LDS page. I suspect that belieftnet[.]com is just buying ad space from some network and somehow it ends up being delivered via VexTrio's own networks.

If you unsubscribe from notifications, in many cases, you instantly receive several notifications from another domain. I don't really understand how that works, because all of this is via Google or Firefox systems. But i've done it multiple times.

#dns #threatintel #cybercrime #scam #malvertising #infobloxthreatintel #infoblox #vextrio #cybersecurity #phishing #infosec