Chinese Vigorish Viper Exploits DNS and Football Sponsorships for Illegal Gambling


Unmasking Vigorish Viper: The Elusive Cybercrime Network Behind Illegal Gambling. Learn how this sophisticated group uses clever DNS tactics and deceptive sponsorships to dominate the online gambling black market. Discover the threats they pose and how experts are fighting back. 

A research report by cloud networking and security services giant Infoblox reveals the continued dominance of a sophisticated cybercrime network called Vigorish Viper in the illegal online gambling world.

This network has carved a niche for itself by facilitating access to gambling sites in Southeast Asia, often targeting residents of Greater China and Europe. Reportedly, it has been operating since 2018 and was discovered by Infoblox in 2023.

Infoblox Threat Intel reports that Vigorish Viper is linked to Chinese organized crime and uses advanced technology suite to exploit the global $1.7 trillion illegal sports gambling economy. The group’s name comes from the gambling world’s exorbitant fees on unlucky bettors. Moreover, its technology suite includes software, DNS configurations, website hosting, payment systems, and mobile apps. 

It is worth noting that Chinese groups are quite active in illegal gambling-related operations. In November 2023, Qurium Media, a Swedish nonprofit provider of digital security solutions, exposed a major operation in which Chinese scammers created cloned versions of legitimate websites, redirecting visitors to gambling sites.

Infoblox’s research highlights Viper’s cunning use of the Domain Name System (DNS). DNS acts as the internet’s phonebook, translating website names into the numeric addresses, computers use to connect.  Vigorish Viper exploits this system by maintaining a network of over 170,000 active domain names and DNS CNAME traffic distribution systems to evade detection and law enforcement. 

The group has connections to the infamous Yabo Group (aka Yabo Sports or Yabo rebranding to Kaiyun Sports and later Ponymuah), possibly the largest illegal gambling operation targeting Greater China.

The Yabo Group is embroiled in controversies over European football club sponsorships, including Manchester United, being used to illegally promote unregulated gambling sites in Asia. 

Experts believe the DNS configurations and software used by Vigorish Viper’s network strongly resemble those employed by Yabo. This suggests a potential shared infrastructure or a close technical collaboration between the two entities.

Vigorish Viper’s infrastructure (Screenshot: Infoblox)

“We are highly confident that Vigorish Viper’s technology suite was developed by the Yabo Group,” the Infoblox report read.

The report unveils a surprising tactic: leveraging European football sponsorships. Vigorish Viper secures advertising space on jerseys or at stadiums, subtly promoting illegal gambling sites to unsuspecting European audiences.

This strategy exploits the popularity of European football, particularly in Southeast Asia, where such sponsorships might go unnoticed by European authorities. Tens of seemingly unrelated gambling brands use Vigorish Viper technology, operating more like franchise branches, highlighting the importance of a holistic view of DNS threats.

“This work is particularly important because it connects the physical crimes of human trafficking, money laundering, and fraud, to online crime in a way that hasn’t been done before.”

Infoblox Threat Intel’s Vice President, Dr. Renée Burton.

  1. Chinese APT Posing as Cloud Services to Spy on Cambodia
  2. Chinese APT spying on Vietnam military with FoundCore RAT
  3. Money Transfer XHelper App is A Money Laundering Network
  4. Chinese APT Slid Fake Signal, Telegram Apps onto App Stores
  5. Hacks Surge 325% in Philippines Amid South China Sea Standoff





Source link