Infoblox Unmasks VexTrio: The Russian Cybercrime Syndicate Fueling Malware, Fake Apps, and Online Scams

 

At the Black Hat conference in Las Vegas, cybersecurity experts from Infoblox revealed new details about VexTrio, a highly organized cybercrime group running a traffic distribution system (TDS) that spreads malware, delivers fake security alerts, and tricks users into installing fraudulent apps.

Ahead of the event, Dr. Renee Burton, a threat intelligence researcher at Infoblox, explained how to identify and avoid malicious online advertising.

“Windows Defender, Microsoft, Google, none of those guys are going to suddenly take over your screen,” Burton said.

Contrary to the “hoodie-wearing hacker” stereotype, Infoblox’s research indicates VexTrio operates like a corporate enterprise. Based in Russia, the group reportedly runs multiple companies in the adtech sector.

“This is an organized crime effort run largely by Russians to take control of the world,” said Burton.

With a decade-long track record, VexTrio uses backend exploits in major websites to target unsuspecting users. Partnering with freelance hackers, the syndicate fingerprints visitors’ browsers to decide whether to display legitimate content or redirect them to malware, fake app downloads, or scam sites.

If you’ve ever been interrupted online by an urgent alert urging you to run a virus scan or install a VPN, you may have seen VexTrio’s tactics in action.

The group’s scareware campaigns often include fake captchas to harvest browser data or prompt users to enable push notifications, which then unleash waves of deceptive ads.

“Once you click Allow, you're now opted in and you’ll see a torrent of advertising, but it’s disinformation,” Burton warned. “Everything is a scam.”

3 Key VexTrio Tactics and How to Defend Against Them

  • Fraudulent Apps – VexTrio distributes fake VPNs, ad blockers, and even dating apps downloaded millions of times. Always verify an app’s legitimacy before installing.
  • Fake Device Infection Alerts – Dismiss sudden pop-ups claiming your device is infected. Burton’s advice: “Calm down. Do not call that phone number.”
  • Romance Scams – Using high-volume, low-cost tactics, VexTrio exploits dating platforms to extract small amounts of money from numerous victims.

Burton stressed that staying safe online means avoiding suspicious alerts, refusing unnecessary permissions, and reporting scams to the Internet Crime Complaint Center (IC3).

“As long as you don't allow anything, you’ll be OK. When all else fails, reboot your system.”