June 23, 2025
Late in 2024, researchers uncovered that Kremlin-backed disinformation campaigns were using malicious advertising technology to bypass social media moderation. These campaigns hijacked a network built on deceptive adtech tools that funnel unsuspecting users through numerous redirects before delivering fake content—and, in some cases, misinformation.
At the heart of this ecosystem is VexTrio, the world’s oldest malicious traffic distribution system (TDS). It cloaks actual destination sites using multiple domain hops and delivers visitors via “smartlinks” embedded in hacked websites. These links often send users to fake news sites, scammy dating apps, phishing pages, or malware.
Two prominent affiliate services—LosPollos and TacoLoco—ride on this infrastructure. LosPollos uses “smartlinks” on compromised WordPress sites to funnel visitors into scams and monetize each click with affiliate commissions. TacoLoco, meanwhile, tricks users into enabling browser push notifications under the guise of a CAPTCHA (“Click ‘Allow’ to prove you're human”), and then bombards them with spammy alerts, fake virus warnings, and scam offers.
These networks share hosting and management: Adspro Group, registered in the Czech Republic and Russia, operates through Swiss hosting providers and is linked to companies like ByteCore AG, SkyForge Digital AG, Holacode, and Teknology SA—all tied to a single individual, Giulio Vitorrio Leonardo Cerutti.
Some of these apps, such as “Spamshield,” disguise themselves as tools to stop notifications, but after initially hiding notifications they demand payment.
Cerutti has publicly denied any connection to VexTrio, insisting his companies operate legally and transparently. Nonetheless, the evidence suggests a sophisticated, interwoven adtech empire profiting from hacked sites, deceptive tactics, and the monetization of user trust.
Key takeaways:
Disinformation and scams are fueled by shared malicious adtech infrastructure.
Fake “CAPTCHA” prompts are used to trick users into enabling notifications.
Hacked websites and affiliate networks drive massive traffic into scams and malware.
The operation spans multiple front companies but appears to be centralized.
Source: https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/