Tag: seo poisoning

10 Attack Reports | 0 Vulnerabilities

Attack reports

May 2025 Infostealer Trend Report

This analysis examines the distribution trends of Infostealer malware in May 2025. It highlights the use of SEO poisoning to distribute malware disguised as cracks and keygens. LummaC2, Vidar, StealC, Rhadamanthys, and Amadey were the main Infostealers observed. Distribution methods included posts …
lummac2
rhadamanthys
infostealer
seo poisoning
amadey
bat script
vidar
stealc
dll-sideloading
2025-06-18
keygens
wormhole
unicode passwords
cracks
Published: June 18, 2025
Downloadable IOCs: 3

Cybercriminals camouflaging threats as AI tool installers

Cybercriminals are exploiting the popularity of AI by distributing malware disguised as AI solution installers. Three threats have been identified: CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered destructive malware called Numero. CyberLock, developed using PowerShell, encrypts…
ransomware
powershell
seo poisoning
ai
yashma
chaos
seo manipulation
2025-05-29
cyberlock
technology sector
b2b sales
ai tools
lucky_gh0$t
marketing sector
fake installers
numero
2025-06-05
Published: June 5, 2025
Downloadable IOCs: 20

Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign

A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign uses Google search results for 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When users click on compromised links, a zip fi…
powershell
seo poisoning
javascript
gootloader
scheduled task
initial access
2024-11-06
gootkit
Published: November 6, 2024
Downloadable IOCs: 14

Threat Intelligence Alert: Phish 'n' Ships Fakes Online Shops to Steal Money and Credit Card Information

A sophisticated fraud scheme dubbed 'Phish 'n' Ships' has been uncovered, involving fake web shops that exploit digital payment providers to steal consumers' money and credit card information. The operation, traced back to 2019, has infected over 1,000 websites, created 121 fake web stores, and res…
phishing
seo poisoning
2024-10-31
chinese threat actors
credit card theft
fake web stores
payment processor abuse
search engine manipulation
e-commerce fraud
Published: October 31, 2024
Downloadable IOCs: 22

LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus

LUNAR SPIDER, a Russian-speaking financially motivated threat group, has resumed operations following law enforcement disruptions. They've shifted from using IcedID to leveraging Latrodectus and Brute Ratel C4 malware, targeting financial services through SEO poisoning malvertising campaigns. The g…
ransomware
malvertising
seo poisoning
icedid
latrodectus
2024-10-31
brute ratel c4
financial sector
infrastructure sharing
Published: October 31, 2024
Downloadable IOCs: 0

Rhysida Ransomware: Multi-Tiered Infrastructure and Early Detection Analysis

Insikt Group unveiled Rhysida's complex infrastructure, comprising typo-squatted domains for SEO poisoning, payload servers, CleanUpLoader C2 infrastructure, and higher-tier components including an admin panel and Zabbix monitoring server. This multi-tiered setup enables early victim identification…
backdoor
ransomware
seo poisoning
extortion
multi-tiered
infrastructure
2024-10-10
rhysida
chrgetpdsi
portstarter
cleanuploader
early detection
Published: October 10, 2024
Downloadable IOCs: 106

SIEM agent being used in SilentCryptoMiner attacks

A global malware campaign targeting mainly Russian-speaking users has been distributing cryptocurrency mining malware through fake software download sites, Telegram channels, and YouTube videos. The multi-stage infection chain uses unusual techniques for persistence and evasion, including hiding ma…
seo poisoning
persistence
autoit
cryptomining
defense evasion
2024-10-07
silentcryptominer
siem
Published: October 7, 2024
Downloadable IOCs: 8

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant

A variant of WikiLoader loader for rent, also known as WailingCrab, is being delivered via SEO poisoning and spoofing of GlobalProtect VPN software. The campaign primarily affects U.S. higher education and transportation sectors. The infection chain involves multiple stages, including DLL sideloadi…
globalprotect
seo poisoning
dll sideloading
2024-09-02
wikiloader
wailingcrab
loader-for-rent
Published: September 2, 2024
Downloadable IOCs: 46

Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework

Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows Installer (MSI) files containing legitimate software bundled with malicious Winos payloads. The campaign promotes compromised MSI files embedded with nudifiers, deepfake …
malware
backdoor
social-engineering
2024-06-19
winos
chinese
seo-poisoning
Published: June 19, 2024
Linked vulnerabilities : CVE-2024-21412
Downloadable IOCs: 46

Gootloader walkthrough

The analysis delves into the intricate workings of the Gootloader malware campaign. Through a meticulously crafted social engineering scheme involving SEO poisoning and fake forums, threat actors lure unsuspecting victims into downloading a malicious JavaScript file disguised as a legitimate resour…
social engineering
powershell
seo poisoning
javascript
2024-05-24
gootloader
Published: May 24, 2024
Downloadable IOCs: 12
Click here to see more Attack Reports