An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines.
“The threat actor used ‘free productivity apps installation’ or ‘free software development tools installation’ themes as SEO keywords to lure victims to a compromised website and to download a malicious installer,” researchers from Mandiant said in a report published this week.
In SEO poisoning attacks, adversaries artificially inflate the search engine ranking of websites (genuine or otherwise) that host their malware so that those sites appear at the top of search results, and users searching for specific apps like TeamViewer, Visual Studio, and Zoom are infected with malware instead.
The installer does package the legitimate software, but it is also bundled with the BATLOADER payload, which is executed during the installation process. The malware then acts as a stepping stone for gaining further insight into the targeted organization by downloading next-stage executables that continue the multi-stage infection chain.

Read more: https://bit.ly/3giAsMf