Executive Summary

Southeast Asia’s cyber threat landscape is evolving faster than ever before, resulting in unprecedented financial losses and security implications that are increasingly felt around the world.
This transformation has been marked by the rapid proliferation of industrial-scale scam centers and cyber-enabled fraud operations throughout the region, conservatively generating tens of billions of dollars annually.1 It has been driven by sophisticated Asian criminal groups and interconnected networks of human traffickers, underground bankers, data brokers, and other service providers—particularly those involved in online gambling, which has served as a major front for concealing diversified cybercriminal and money laundering operations in and beyond the region.
Against this backdrop, in February 2025, Infoblox Threat Intel, in collaboration with the United Nations Office on Drugs and Crime (UNODC) Regional Office for Southeast Asia and Pacific,7 set out to examine a cluster of illegal online gambling and cyber-enabled fraud platforms operated by criminal networks based in Cambodia. Over the course of the investigation, however, we uncovered important connections to one of Asia’s leading iGaming software suppliers or “white labels”—an entity we observed not only servicing these criminal groups but also distributing a custom browser found to have significant security implications for users. Considering the popularity and the amount of traffic reaching the command-and-control (C2) domains, we estimate the install base in the millions.
[...]

Background

Down the Rabbit Hole: From Bolai to Baoying

Baoying Group and the BBIN White Label

Discovery in DNS: Technical Analysis: The Universe “Privacy” Browser

Windows Variant

Using the Universe Browser

Screenshot and lineSelector

Main Functionality: Examining the UBService Binary

Associated Mobile Applications

Vault Viper Network Infrastructure

Ac101[.]net

Testmyuser0009

Network Attribution: Unmasking Vault Viper

Level 1: BBIN

Level 2: Alvin Chau and Suncity Group

Security Assessment and Conclusion

Indicators