Executive Summary



Southeast Asia’s cyber threat landscape is evolving faster than ever before, resulting in unprecedented financial losses and security implications increasingly being felt around the world.

This transformation has been marked by the rapid proliferation of industrial-scale scam centers and cyber-enabled fraud operations throughout the region, conservatively generating tens of billions of dollars annually.1 It has been driven by sophisticated Asian criminal groups and interconnected networks of human traffickers, underground bankers, data brokers, and other service providers—particularly those involved in online gambling, which has served as a major front for concealing diversified cybercriminal and money laundering operations in and beyond the region.

Against this backdrop, in February 2025, Infoblox Threat Intel, in collaboration with the United Nations Office on Drugs and Crime (UNODC) Regional Office for Southeast Asia and Pacific,7 set out to examine a cluster of illegal online gambling and cyber-enabled fraud platforms operated by criminal networks based in Cambodia. Over the course of the investigation, however, we uncovered important connections to one of Asia’s leading iGaming software suppliers or “white labels”—an entity we observed not only servicing these criminal groups but also distributing a custom browser found to have significant security implications for users. Considering the popularity and the amount of traffic reaching the command-and-control (C2) domains, we estimate the install base in the millions.

[...]

Background

Down the Rabbit Hole: From Bolai to Baoying

Baoying Group and the BBIN White Label

Discovery in DNS: Technical Analysis: The Universe “Privacy” Browser

Windows Variant

Using the Universe Browser

Screenshot and lineSelector

Main Functionality: Examining the UBService Binary

Associated Mobile Applications

Vault Viper Network Infrastructure

Ac101[.]net

Testmyuser0009

Network Attribution: Unmasking Vault Viper

Level 1: BBIN

Level 2: Alvin Chau and Suncity Group

Security Assessment and Conclusion

Indicators