Vault Viper: High Stakes, Hidden Threats
ID: 3a3b252f-048a-5c0c-a6a0-0ef83503e34d
STIX ID: report--3a3b252f-048a-5c0c-a6a0-0ef83503e34d
Feed Name: Infoblox Threat Intel Blog
Infoblox Threat Intel (with UNODC collaboration) exposes "Vault Viper" (Baoying Group / BBIN), a sprawling criminal iGaming white-label and transnational infrastructure that distributes a custom Chromium-based "Universe Browser". The browser is marketed as a privacy/circumvention tool but contains persistent, anti-analysis, and covert network/DNS manipulation components consistent with RATs and information-stealing malware. The report maps extensive DNS/ASN footprints, C2 domains and IPs, provides technical analysis of Windows and mobile binaries and extensions, lists IoCs, and ties the operation to organized crime networks (including links to Suncity and convicted actors). It concludes that the browser functions as a high-risk collection and exploitation platform enabling credential/device takeover and large-scale monetization.
