Kremlin-Backed Disinfo Bypasses Social Media Moderation via Malicious Ad Tech
A new report exposes a sprawling ecosystem of malicious ad tech used not only by online scammers and hackers but also by Kremlin-backed disinformation campaigns to bypass social media moderation. The investigation focuses on the “Doppelganger” disinformation network, which uses sophisticated domain cloaking to spread pro-Russian narratives and infiltrate European media. This cloaking service shares infrastructure with VexTrio, arguably the oldest malicious traffic distribution system (TDS), and is linked to affiliate marketing services LosPollos and TacoLoco. These services employ deceptive tactics to trick users into enabling push notifications, which are then used to disseminate malware and scams. Researchers tied these services to Adspro Group, registered in the Czech Republic and Russia, with infrastructure in Switzerland. Despite Adspro's denial of ties to VexTrio, actions like LosPollos suspending its push monetization service and Adspro rebranding to Aimed Global suggest a connection to malicious activity. The report highlights the significant cybersecurity threat posed by this malicious ad tech ecosystem and advises users to be cautious about browser notification requests.