A recent study conducted by Infoblox has revealed the existence of a massive "criminal affiliate program" involving several notorious cybercrime groups, including ClearFake and SocGholish. The program's primary partner is VexTrio, which is described as the largest broker of malicious traffic in the history of cybersecurity (source).
According to the study, VexTrio's activities have been ongoing since approximately 2017. The group employs an algorithm that generates domain names from a dictionary of words. This technique, known as a dictionary-based domain generation algorithm (DDGA), lets attackers evade detection and blocking by rotating through domain names that look like ordinary word combinations rather than random strings. Whenever a malicious program or bot needs to reach its server, it derives a new domain name from the dictionary and the algorithm, which makes the infrastructure difficult to track and block effectively.
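The detection problem described above, as an added example that is not part of the Infoblox study or this article: dictionary-generated labels defeat the classic entropy heuristic, so a defender instead checks whether a label tiles cleanly into dictionary words and looks for clients that resolve many such domains. The word list, log lines and thresholds are constructed for illustration.

```python
"""Spot dictionary-DGA-style lookups in DNS logs (illustrative, constructed data)."""
import math
from collections import Counter, defaultdict

# Constructed mini word list; a real detector loads a full dictionary.
WORDS = {"cloud", "secure", "update", "net", "info", "data", "fast", "link",
         "manager", "host", "service", "portal", "home", "news", "video", "mail"}

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def entropy_flag(domain, threshold=3.5, min_len=10):
    """Classic random-DGA heuristic: long, high-entropy first label."""
    label = domain.split(".")[0].lower()
    return len(label) >= min_len and entropy(label) > threshold

def split_words(label, words=WORDS):
    """Tile `label` with dictionary words (longest match first); None if impossible."""
    memo = {}
    def rec(i):
        if i == len(label):
            return []
        if i not in memo:
            memo[i] = None
            for j in range(len(label), i, -1):
                if label[i:j] in words:
                    rest = rec(j)
                    if rest is not None:
                        memo[i] = [label[i:j]] + rest
                        break
        return memo[i]
    return rec(0)

def looks_like_dictionary_dga(domain):
    """True when the first label is two or more concatenated dictionary words."""
    parts = split_words(domain.split(".")[0].lower())
    return parts is not None and len(parts) >= 2

def flag_clients(log_lines, threshold=3):
    """Return {client: [domains]} for clients that looked up at least `threshold`
    distinct dictionary-word domains. Constructed line format: '<client> <qname>'."""
    seen = defaultdict(set)
    for line in log_lines:
        client, qname = line.split()
        if looks_like_dictionary_dga(qname):
            seen[client].add(qname)
    return {c: sorted(d) for c, d in seen.items() if len(d) >= threshold}

# Constructed sample log: one client cycling through word-combination domains.
SAMPLE_LOG = ["10.0.0.5 securecloudupdate.com", "10.0.0.5 fastdatalink.net",
              "10.0.0.5 hostmanagerportal.com", "10.0.0.5 homenewsvideo.org",
              "10.0.0.9 mail.example.com", "10.0.0.9 xk3q9vz2lp0dm.com"]
```

A single two-word domain is weak evidence on its own (many legitimate brands are word pairs), so the per-client volume threshold is what carries the signal.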