216.73.217.139

Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware

· Published 26/06/2025 17:27 · Modified 27/06/2025 07:08

Export JSON

Essential information

Published
26/06/2025 17:27
Modified
27/06/2025 07:08
Tags
2025-06-26 browser fingerprinting legion loader lumma search engine poisoning stealer malware vidar
Related entities
23 observables, 9 techniques (mitre), 3 malware, 1 others

Description

Threat actors are exploiting the popularity of AI tools by using Black Hat SEO techniques to poison search engine rankings for AI-related keywords. These malicious websites redirect users through multiple layers to deliver malware such as , , and . The attackers employ sophisticated JavaScript to collect browser data, perform fingerprinting, and evade detection. The malware payloads are often packaged in large installer files to bypass sandboxes. The campaign uses trusted platforms like WordPress and AWS CloudFront to appear legitimate. Victims are lured through high-ranking search results for AI topics, leading to infection chains involving and cryptocurrency-stealing browser extensions.

External references