Vane Viper adtech-backed malvertising ecosystem
Threat Actor Meta
Summary
Hide ▲
Show ▼
Researchers now tie Vane Viper to PropellerAds and AdTech Holding, reframing a long-running operation as an adtech-backed cybercrime ecosystem that can endanger both consumers and enterprise users. The network uses hundreds of thousands of compromised websites and malicious ads to route victims toward exploit kits, malware droppers, botnets, scams, and ransomware campaigns. Its scale and infrastructure depth suggest the commercial ad stack is being weaponized as core distribution plumbing.
Related Happenings
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor Meta
First: 21.04.2026 17:00
Last: 21.04.2026 17:00
Sources 1
About this happening:
**The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor MetaAbout this happening: **The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...
Cloudflare Radar Top Domains list redacts and hides Aisuru domains
Security Tool/Service
First: 06.11.2025 04:04
Last: 06.11.2025 04:04
Sources 1
About this happening:
**Cloudflare** redacted **Aisuru** domains from its **Top Domains** rankings after the botnet started gaming the public list and distorting trust signals. The update reduces the v...
Cloudflare Radar Top Domains list redacts and hides Aisuru domains
Security Tool/ServiceAbout this happening: **Cloudflare** redacted **Aisuru** domains from its **Top Domains** rankings after the botnet started gaming the public list and distorting trust signals. The update reduces the v...
Vane Viper / Omnatuor malicious adtech ecosystem powering malvertising and ad fraud
Threat Actor Meta
First: 25.09.2025 20:22
Last: 25.09.2025 20:22
Sources 1
About this happening:
Researchers **outed Vane Viper / Omnatuor** as a **malicious adtech** ecosystem that has powered **malvertising**, **ad fraud**, and **traffic brokering** for **at least a decade*...
Vane Viper / Omnatuor malicious adtech ecosystem powering malvertising and ad fraud
Threat Actor MetaAbout this happening: Researchers **outed Vane Viper / Omnatuor** as a **malicious adtech** ecosystem that has powered **malvertising**, **ad fraud**, and **traffic brokering** for **at least a decade*...
DeceptionAds ClickFix social-engineering campaign
Campaign
First: 25.09.2025 20:22
Last: 25.09.2025 20:22
Sources 1
About this happening:
The **DeceptionAds** operation used **Vane Viper's malicious ad network** to deliver **ClickFix-style social engineering**, expanding deceptive user reach through malvertising inf...
DeceptionAds ClickFix social-engineering campaign
CampaignAbout this happening: The **DeceptionAds** operation used **Vane Viper's malicious ad network** to deliver **ClickFix-style social engineering**, expanding deceptive user reach through malvertising inf...
Timeline
-
16.09.2025 22:36 2 articles · 8mo ago
Infoblox ties Vane Viper to PropellerAds and AdTech Holding
Initial DisclosureInfoblox says the Vane Viper malvertising ecosystem is tied to PropellerAds and parent AdTech Holding, using compromised websites, malicious ads, and a traffic distribution system (TDS) to redirect users to exploit kits, malware droppers, botnets, scams, and ransomware campaigns; the researchers say the activity appeared in about half of Infoblox customer networks and accounted for approximately 1 trillion DNS queries.
Show sources
- 'Vane Viper' Threat Group Tied to PropellerAds, Commercial Entities — www.darkreading.com — 16.09.2025 22:36
- 'Vane Viper' Threat Group Tied to PropellerAds, Commercial Entities — www.darkreading.com — 16.09.2025 22:36