21 matches found
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data...
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
In this article 1. Storm-2755’s attack chain 2. Defending against Storm-2755 and AiTM campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Microsoft Incident Response – Detection and Response Team DART researchers observed an emerging, financially motivated...
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network VPN clients distributed through search engine optimization SEO poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches
A cybercrime gang known as Black Cat has been attributed to a search engine optimization SEO poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National...
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization SEO poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet...
Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. "Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more,"...
Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software
A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and Vidar since early 2020. The infection chain "uses about a hundred of fake cracked software catalogue websites that redirect to several links before...
Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report...
SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm...
GootLoader Hackers Targeting Employees of Law and Accounting Firms
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is...
Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers
Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw,...
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into visiting seemingly legitimate Google sites that install a Remote Access Trojan RAT capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms suc...
Search engine shenanigans: Malwarebytes mentions aren’t what they seem
Thing might be a touch quiet at the moment as we ease into 2018, but that doesn't mean dubious antics and dodgy dealings aren't still making waves online. As a matter of fact, should you go searching for some of our researchers, their blog posts, or just a couple of notable quotables from news...
PNG Image Metadata Found Leveraging iFrame Injections
Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections. The technique makes it highly unlikely a virus scanner would catch it because the injection method is so deeply...
Prediction: Handful of Malicious Networks Will Spawn Most Attacks In 2012
A shadowy web of malicious networks, or “malnets” will be the source of two thirds of online attacks in 2012, according to a report from the security firm Blue Coat. Despite the continued industry focus on specific families and samples of malicious software, Blue Coat researchers say that...
Hacked WordPress Blogs Used to Poison Google Image Search
A researcher has found evidence of thousands of compromised WordPress blogs that are being used to insert malicious images into Google search results. The report, from the unmaskparasites.com blog, may be evidence of the after affects of a widespread attack on WordPress blogs reported last week, ...
Image of the Day: SEO Poisoning
Today’s Image of the Day comes from web security firm Imperva, who’ve crafted an infographic to accompany their monthly Hacker Intelligence Initiative report on search engine poisoning SEP. We’ve seen before how attackers continue to poison SEO to thwart search engine algorithms. To increase thei...
Scareware, Black Hat SEO and You
The scareware and rogue AV problem that initially appeared a few years ago and has since found its way onto thousands and thousands of legitimate Web sites, including The New York Times home page, has now reached epidemic levels. The scams are mostly boilerplate and well-understood, but it’s not...
Paul Judge on Twitter Crime and Web Security
Dennis Fisher talks with Paul Judge of Barracuda Networks about the company’s new report on Twitter phishing trends, search engine poisoning, Web security and what can be done about the spam pandemic. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...
Search Engine Poisoning Is On the Rise
To improve the chances of installing their malware on random computers, scareware peddlers have decided to set up more that 60 websites that contain hundreds of possible search matches for hot, trending topics. Read the full article. Help Net Security...