Researchers at cloud security firm Infoblox have uncovered a suite of techniques used by a major Chinese crime syndicate whose tentacles reach deep into a trillion-dollar illegal online gambling environment as well as the world of Europe’s top soccer clubs.
The researchers wrote in their report on Monday that the bad actors behind the tech suite, which they have dubbed Vigorish Viper, offer a full range of functionality, including software, a Domain Name System (DNS) network, website hosting, mobile apps, payment systems, secure communications, branding services, advertising, and even anonymous cryptocurrency payment tools built into all the applications.
This is the technology base of a large, diverse and widespread criminal enterprise operating in the $1.7 trillion illegal sports betting environment. It specifically targets Chinese nationals: an $850 billion underground gambling world thrives in China, even though gambling is essentially illegal nationwide.
According to Infoblox, Vigorish Viper operates a huge network of over 170,000 domain names in total, and uses a DNS CNAME traffic distribution system to evade detection and law enforcement. According to Cloudflare, DNS CNAME records provide an alias for another domain.
“Vigorish Viper is one of the most sophisticated and severe threats to digital security ever discovered,” Renée Burton, vice president of Infoblox Threat Intel, said in a statement. “Vigorish Viper has built a complex infrastructure with multiple layers of a Traffic Distribution System (TDS) using DNS CNAME records and JavaScript, making it extremely difficult to detect. These systems are complemented by proprietary encrypted communications and custom-developed applications that make its activity not only difficult to capture, but also extremely resilient.”
Using DNS CNAME records and JavaScript, the researchers said in a blog post, criminals can create “a series of gates to protect systems from unwanted scrutiny. They thoroughly fingerprint users, including continuously monitoring mouse movements and assessing IP addresses. There are multiple versions of the software, with the most advanced version reserved for Chinese brands.”
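A defender's view of the CNAME layering described above, as an added example that is not from Infoblox or the report: it follows CNAME chains in DNS observations and groups entry domains by the final alias target they funnel into. All domain names, addresses and the `min_domains` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed DNS observations (name, type, value); every name is a placeholder.
RECORDS = [
    ("bet-a.example", "CNAME", "gate1.tds.test"),
    ("bet-b.example", "CNAME", "gate2.tds.test"),
    ("bet-c.example", "CNAME", "gate1.tds.test"),
    ("gate1.tds.test", "CNAME", "edge.hosting.test"),
    ("gate2.tds.test", "CNAME", "edge.hosting.test"),
    ("edge.hosting.test", "A", "192.0.2.10"),
    ("shop.example", "CNAME", "cdn.vendor.test"),
    ("cdn.vendor.test", "A", "198.51.100.7"),
    ("loop0.example", "CNAME", "loop1.example"),
    ("loop1.example", "CNAME", "loop2.example"),
    ("loop2.example", "CNAME", "loop1.example"),
]

def normalize(name):
    return name.rstrip(".").lower()

def build_cname_map(records):
    return {normalize(n): normalize(v) for n, t, v in records if t.upper() == "CNAME"}

def resolve_chain(name, cname_map, max_hops=8):
    """Follow aliases from name to its terminal; None on a loop or overlong chain."""
    chain = [normalize(name)]
    seen = set(chain)
    while chain[-1] in cname_map:
        nxt = cname_map[chain[-1]]
        if nxt in seen or len(chain) > max_hops:
            return None
        chain.append(nxt)
        seen.add(nxt)
    return chain

def cluster_by_terminal(records):
    """Map each terminal alias target to the entry domains that reach it."""
    cname_map = build_cname_map(records)
    intermediates = set(cname_map.values())
    clusters = defaultdict(set)
    for name in cname_map:
        if name in intermediates:
            continue  # a gate in the middle of a chain, not an entry domain
        chain = resolve_chain(name, cname_map)
        if chain and len(chain) > 1:
            clusters[chain[-1]].add(name)
    return {target: sorted(names) for target, names in clusters.items()}

def suspicious_clusters(records, min_domains=3):
    """Keep terminals fed by at least min_domains entry domains (assumed threshold)."""
    return {t: n for t, n in cluster_by_terminal(records).items() if len(n) >= min_domains}
```

Legitimate CDNs and hosting providers also produce large shared-target clusters, so the output is a triage list for further review rather than a verdict.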
Link to Yabo
According to the report, the tech operation has been in existence since 2018 and was discovered by Infoblox last year. Researchers believe the Vigorish Viper tech operation was created by Yabo (aka Yabo Sports and Yabo Group), a shadowy Chinese organization that is involved in online gambling as well as other illicit activities, including modern-day slavery: people, mostly Chinese residents, are held in forced labor camps along the Cambodian-Laotian border, the Infoblox researchers wrote.
There, they are forced to work for gambling operations and commit “pig butchering” scams, i.e., online fraud in which scammers create fake online personas to lure people into fake investment schemes. They also provide customer support for Yabo’s website and the websites of other gambling brands, all of which use Vigorish Viper technology.
“While these brands appear to be distinct, they are operated like branches of a franchise,” the researchers wrote in a blog post.
Amid growing pressure from European journalists and authorities, Yabo was dissolved in 2022, but “the company’s remnants were effectively laundered into a series of new entities, including Kaiyun Sports, KM Gaming, Ponymuah, and SKG,” the researchers wrote. “At face value, these new companies appear to be independent, but the evidence indicates otherwise. Together, these newly formed companies comprise a supply chain that allows Vigorish Viper to continue operating unabated and with less oversight.”
Use by European soccer teams
Vigorish Viper is also deeply embedded in what the researchers describe as an ongoing controversy in European soccer: Chinese organized crime groups are using hugely popular sports teams to expand the reach of their illegal gambling operations. They use shell companies, fake identities and credentials to create brands, typically represented by “white intermediaries,” to build a strong local presence and establish credibility.
Players wear the team’s logo on their uniforms and have it displayed around the stadium, and the games are broadcast in China, with the aim of encouraging Chinese people to visit the website and place bets on the games.
“This sponsorship farce has been the subject of intensive reporting by investigative journalists and watchdog groups over the past few years,” the researchers wrote. “Vigorish Viper technology ties most of these stories together and places Yabo at the center of the controversy.”
While activity surrounding football club sponsorship continues, last year the UK Gambling Commission sanctioned white label provider TGP Europe, suspending 14 brands and UK-related domain names. Eleven of these brands were associated with Vigorish Viper, including Yabo. Despite the UK action, various brands have signed new sponsorship deals with teams in France, Spain and other European countries, and TGP Europe remains a white label provider for five of Vigorish Viper’s brands.
Furthermore, the researchers write that at least eight top teams in England have such deals with the Vigorish Viper brand.
“This research is particularly significant as it links physical crimes such as human trafficking, money laundering and fraud with online crime in a way that has never been seen before,” Burton said. “It is now clear that organised crime is implementing a cunning strategy to exploit unsuspecting European clubs to fuel its crime cycle.”