VexTrio TDS System Unveils Malicious VPN-Like Apps for Google Play and App Store Distribution

Cybersecurity researchers have exposed a sophisticated mobile app distribution scheme operated by VexTrio, the notorious traffic distribution system (TDS) behind nearly 40% of global website compromises in 2024.

The criminal enterprise, which generated billions in fraudulent revenue through its TDS infrastructure, has expanded operations to include malicious mobile applications distributed through legitimate app stores.

Security analysts discovered that VexTrio’s app development division, LocoMind, claimed over 500,000 downloads and 50,000 active users across at least seven fraudulent applications.

Technical Infrastructure Behind Mobile Fraud

VexTrio’s mobile operations center around their app development subsidiary LocoMind, operating under the Apperito umbrella company.

Malicious VPN-like apps

The organization has developed multiple categories of deceptive applications, including RAM cleaners and various VPN services like FastVPN.

These applications masquerade as legitimate security tools while serving as entry points for VexTrio’s broader fraud ecosystem.

The technical sophistication extends beyond simple app development. VexTrio operates mail servers on lookalike domains, including mail[.]sendgrid[.]rest and mailgun[.]fun, which mimic the legitimate email services SendGrid and Mailgun, respectively.

These domains run on infrastructure controlled by Holaco. The platform hosts not only malicious apps but also payment processing services through Pay Salsa.
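The lookalike mail domains described above can be caught in DNS or mail-gateway logs by flagging any hostname that carries a brand label outside that brand's own domains. The following is an added example, not code from the original research; the allowlist of legitimate domains, the function names and the sample hostnames are assumptions constructed for illustration.

```python
import re

# Assumption: registrable domains each brand legitimately uses; extend as needed.
BRANDS = {
    "sendgrid": {"sendgrid.com", "sendgrid.net"},
    "mailgun": {"mailgun.com", "mailgun.org", "mailgun.net"},
}

def refang(host):
    """Undo common defanging ([.], (.), [dot]) including stray spaces."""
    host = re.sub(r"\s*[\[\(]\s*(?:\.|dot)\s*[\]\)]\s*", ".", host.strip(), flags=re.I)
    return host.lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss labels such as 'sendgr1d'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_brand(host):
    """Return the brand a hostname imitates, or None if nothing is suspicious."""
    host = refang(host)
    for brand, legit in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in legit):
            continue  # genuinely under one of the brand's own domains
        for label in host.split(".")[:-1]:  # skip the TLD itself
            if brand in label or edit_distance(label, brand) <= 1:
                return brand
    return None

def scan(hosts):
    """Map each flagged hostname to the brand it imitates."""
    hits = {}
    for h in hosts:
        brand = lookalike_brand(h)
        if brand:
            hits[h] = brand
    return hits

# Constructed sample: the two domains named in the article plus benign hosts.
SAMPLE = ["mail[.]sendgrid[.]rest", "mailgun[.]fun", "api.mailgun.net",
          "u123.ct.sendgrid.net", "example.org"]

if __name__ == "__main__":
    for host, brand in scan(SAMPLE).items():
        print(f"{host}: possible {brand} lookalike")
```
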

Research indicates that VexTrio’s domains supporting core infrastructure rank within the top 10,000 most popular globally as of July 2025, demonstrating their ability to achieve massive reach despite ongoing security industry efforts to disrupt operations.

Advanced Distribution and Monetization Methods

The criminal organization employs a sophisticated multi-layered approach combining their traditional TDS with mobile app distribution.

Their smartlink technology processes over 2 billion unique users monthly through their Los Pollos affiliate network, while TacoLoco claims processing capability exceeding 1 million requests per second for push notification monetization.

Giulio Cerutti’s business connections, according to North Data, December 2024.

VexTrio’s mobile apps specifically target user security concerns, advertising themselves as protective tools while potentially harvesting user data and serving as vectors for their broader fraud operations.

The apps claim to provide mobile security features, creating a false sense of legitimacy that enables wider distribution through official app stores.

The organization’s technical capabilities include advanced cloaking and evasion techniques, with domains like nxt-psh[.]com ranking among the top 100,000 globally for push notification distribution.

This infrastructure enables them to rapidly deploy new campaigns and maintain persistence across multiple platforms.

Shodan information for the IP address 78[.]47[.]103[.]187 shows several VexTrio company domains and app names. Image captured June 2025.

According to the Association of National Advertisers, digital fraud costs are projected to reach $172 billion by 2028, with VexTrio’s sophisticated app distribution representing a significant evolution in cybercriminal mobile targeting strategies.


The post VexTrio TDS System Unveils Malicious VPN-Like Apps for Google Play and App Store Distribution appeared first on Cyber Security News.

