Vane Viper: How Adtech Fuels Criminal Activity and Disinformation

Uncovering Vane Viper and Propeller Ads

• 💡 Vane Viper, a Cyprus-based holding company, is revealed to be the infrastructure behind Propeller Ads, a major advertising network.
• 🎯 The research indicates that Vane Viper is not just exploited by criminals but operates as criminal infrastructure itself, profiting from fraud, malware, and disinformation.
• 🔍 Initial discovery of Vane Viper in 2022 involved tracking DNS queries and identifying its heavy involvement in scams and malware distribution.

The Scale and Motivation of Vane Viper

• 📊 Over a trillion DNS queries were linked to Vane Viper in a year, indicating extraordinarily popular domains and widespread reach.
• 💰 The primary motivation is financial, earning money from both "publishers" (those who display ads) and advertisers (those who pay to distribute scams and malware).
• 🌐 Vane Viper's operations are described as "Deniability by Design," utilizing offshore entities and complex ownership structures to obscure their activities.

Adtech Ecosystem and Criminal Convergence

• ⚠️ The research highlights a growing convergence between adtech, cybercrime, and state-linked influence operations.
• 🧩 Elements of the digital advertising ecosystem are functioning as infrastructure for large-scale cyber and disinformation campaigns.
• 🌐 Vane Viper's ads are often seen on sites like gambling, cracking, and free video download sites, targeting individuals seeking to make money due to economic challenges.

Tools and Tactics: Push Notifications and TDS

• 🚀 Push notifications are a key tool, providing persistence on devices and an infinite number of opportunities to scam users.
• 💰 Advertisers are charged for push notifications regardless of user clicks, allowing adtech companies to generate revenue even with low conversion rates.
• 🎯 A Traffic Distribution System (TDS) is used to funnel users towards offers (scams or malware) most likely to be acted upon, based on device type, region, and user behavior.

User and Business Recommendations

• ⚠️ Users are advised not to accept notifications and to be suspicious of unexpected redirects to search pages or other sites.
• 🛡️ Businesses should implement security measures that specifically tackle traffic distribution systems.
• 📣 Reporting malicious advertising activity to law enforcement is crucial for building momentum and understanding victimology.