Infoblox researchers say a sprawling criminal ecosystem is quietly riding on top of iGaming technology. At the center is a customized “Universe Browser” that looks legitimate but behaves like a control tool, steering every click through servers the operators manage.

The team reports that this ecosystem blends gambling tech with tactics more common to malware. By redirecting traffic and weakening built-in protections, it creates a pathway for account takeover, payment fraud, and the silent delivery of additional payloads.

How the operation works: custom browser and traffic control

According to the research, the “Universe Browser” is modified to limit security features and to hide diagnostic tools that would help users or investigators see what is happening under the hood. All web activity is funneled through the operator’s network, giving them a privileged view of user behavior and the ability to insert or alter content.

Investigators also describe a recognizable infrastructure footprint that ties many moving parts together. Reused patterns across domains and servers suggest long-running coordination, allowing the group to shift users between sites, keep command channels alive, and recover quickly when pieces of the network are taken down.

Why it matters and what to do now

For users, the risk is straightforward. A browser that quietly routes your traffic through someone else’s machines can capture credentials, harvest personal data, and enroll your device in further schemes without obvious signs that anything is wrong.

Defenders should block indicators from the report, monitor for unusual browser installations distributed via gambling communities, and watch for consistent naming and hosting patterns that match the described footprint. Where possible, enforce application allow-lists, restrict the use of unvetted browsers, and alert on outbound traffic that unexpectedly detours through unfamiliar proxy infrastructure.
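One way to combine the allow-list and proxy-detour checks, as an added example that is not code from Infoblox or from this article. The allow-list, the approved proxy, the record layout and every host, process name and address are constructed assumptions.

```python
from collections import Counter, defaultdict

# Assumptions, not from the report: the allow-list, the approved proxy and the
# record layout are hypothetical, and every sample value below is constructed.
APPROVED_BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
APPROVED_PROXIES = {("10.0.0.8", 3128)}

# Flow records pre-filtered to browser-class processes:
# (host, process image, destination ip, destination port, proxy protocol seen)
FLOWS = (
    [("ws-014", "chrome.exe", "10.0.0.8", 3128, True)] * 2
    + [("ws-022", "unvetted-browser.exe", "203.0.113.50", 1080, True)] * 4
    + [("ws-031", "firefox.exe", "10.0.0.8", 3128, True)] * 2
    + [("ws-031", "firefox.exe", "198.51.100.7", 8080, True)]
)

def triage(flows, min_flows=3, funnel_ratio=0.9):
    """Return (host, image, reasons) for each process that needs a look."""
    per_proc = defaultdict(list)
    for host, image, ip, port, proxied in flows:
        per_proc[(host, image.lower())].append((ip, port, proxied))

    findings = []
    for (host, image), conns in sorted(per_proc.items()):
        reasons = []
        if image not in APPROVED_BROWSERS:
            reasons.append("not-on-allow-list")
        # Proxy-style flows whose endpoint is not a sanctioned egress proxy.
        detours = Counter((ip, port) for ip, port, proxied in conns
                          if proxied and (ip, port) not in APPROVED_PROXIES)
        if detours:
            (ip, port), hits = detours.most_common(1)[0]
            # Nearly all traffic through one unknown endpoint is the
            # "everything is funnelled" pattern; a stray hit is weaker.
            funnelled = len(conns) >= min_flows and hits / len(conns) >= funnel_ratio
            kind = "funnelled-via" if funnelled else "unapproved-proxy"
            reasons.append(f"{kind}:{ip}:{port}")
        if reasons:
            findings.append((host, image, reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(FLOWS):
        print(finding)
```

The thresholds are starting points: a sanctioned browser with an occasional stray proxy hit is reported separately from a process that sends nearly everything through one unknown endpoint.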

Source: https://blogs.infoblox.com/threat-intelligence/vault-viper-high-stakes-hidden-threats/