Information Management Today

How 'SEO Poisoning' Is Used to Deploy Malware

Data Breach Today

JUNE 16, 2021

PDF Documents Stuffed With SEO Keywords Lead to Malware Attacks SolarMarker malware operators are using "SEO poisoning" techniques to deploy the remote access Trojan to steal sensitive information, Microsoft reports.

Access

Massive Black hat SEO campaign used +15K WordPress sites

Security Affairs

NOVEMBER 14, 2022

Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals. This black hat SEO theory is also backed by the fact that the second level domains of the Q&A sites seem to belong to the same people. ” Pierluigi Paganini.

Security

Security IT Information Security

Another Report of SEO in Phishing

KnowBe4

MAY 11, 2022

Researchers at Netskope have observed a 450% increase in phishing downloads over the past twelve months, largely driven by attackers using SEO (search engine optimization) to improve the search engine ranking of malicious sites. Most of these downloads were malware-laden PDF files.

Phishing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

SEO Poisoning Attacks on Healthcare Sector Rising, HHS Warns

Data Breach Today

JUNE 23, 2023

Search Scams Luring Users to Malware-Infected Sites Are Often Tricky to Detect Search engine optimization poisoning attacks, which involve intentionally manipulating search results to lead users onto malware-laced websites, are on the rise in the healthcare sector, U.S. federal regulators warn.

SolarMarker Attackers Use SEO Poisoning to Push Malicious Code

eSecurity Planet

OCTOBER 29, 2021

Cybercriminals leveraging the SolarMarker.NET-based backdoor are using a technique called SEO poisoning to drive malicious payloads into victims’ systems so they can gain access to the credentials and data within. If they click on the SEO-poisoned link, they see a malicious PDF on the page. Malicious SolarMarker downloads.

Ransomware

Ransomware Cloud Access Education

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

Microsoft spotted a series of attacks that use SEO poisoning to deliver a remote access trojan (RAT) used by threat actors to steal sensitive data. Microsoft is monitoring a wave of cyber attacks that leverages SEO poisoning to deliver a remote access trojan (RAT) to steal sensitive data from the infected systems. Pierluigi Paganini.

Insurance

Insurance Access Security IT

Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

KnowBe4

MAY 24, 2022

So-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.

Phishing

Malware Loader Abuses Google SEO to Expand Payload Delivery

Threatpost

MARCH 1, 2021

Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.

IT

WordPress Targeted with Clever SEO Injection Malware

Threatpost

DECEMBER 18, 2018

The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.

IT

IT Security

Be Aware of SEO and Waterhole Attacks

KnowBe4

AUGUST 11, 2023

Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The attackers take an active role in seeking out and making contact with their victims.

IT

Breach Roundup: More MOVEit Victims, Including US Government

Data Breach Today

JUNE 15, 2023

Also, CISA and its global peers crowned LockBit the world's top ransomware threat, North Korean hackers copied a popular South Korean web portal, and an impersonation campaign used SEO techniques to target top brands.

Government

Government Ransomware IT

Beware of Clickbait PDF Phishing Attacks Lurking in Search Results

KnowBe4

AUGUST 14, 2023

We previously reported independently on PDF-based phishing attacks skyrocketing and the rise of SEO attacks. Most worryingly, PDF-based SEO attacks are poorly detected by common defense mechanisms such as blocklists, ad blockers or even crowdsourced antivirus services VirusTotal.

Phishing

The Rise of Large-Language-Model Optimization

Schneier on Security

APRIL 25, 2024

In response, a multibillion-dollar industry—search-engine optimization, or SEO—has emerged to cater to Google’s shifting preferences, strategizing new ways for websites to rank higher on search-results pages and thus attain more traffic and lucrative ad impressions. We already see the beginnings of this.

Communications

Communications IT Artificial Intelligence Marketing

Gootkit Malware Found Targeting Australian Healthcare Sector

Data Breach Today

JANUARY 12, 2023

Access-as-a-Service Operators Use SEO Poisoning to Find Victims Trend Micro spotted operators of the Gootkit malware loader targeting the Australian healthcare sector.

Insurance

Insurance Ransomware Access

Data Thieves Test-Drive Unique Certificate Abuse Tactic

Dark Reading

OCTOBER 11, 2023

An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.

SEO Poisoning Used to Distribute Ransomware

Dark Reading

OCTOBER 28, 2021

This tactic - used to distribute REvil ransomware and the SolarMarker backdoor - is part of a broader increase in such attacks in recent months, researchers say.

Ransomware

Backdoor Lurks Behind WordPress Caching Plugin to Hijack Websites

Dark Reading

OCTOBER 12, 2023

Evasive malware disguised as a caching plugin allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.

Privacy

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

Threatpost

AUGUST 3, 2021

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.

Malicious PDFs Flood the Web, Lead to Password-Snarfing

Threatpost

JUNE 15, 2021

SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.

Passwords

Passwords Security

Will GenAI Kill The Web?

John Battelle's Searchblog

APRIL 23, 2024

Just as spammy “ made for advertising ” sites like Demand Media (and countless others) polluted the SEO-driven landscape of the past 25 years, the LLMO industry will pollute the emerging world of ChatGPT, Google Gemini, and Microsoft Copilot. It’s fair to say I’ll read just about anything he writes.

IT

IT Artificial Intelligence Security

Office of Information Security issues notice on SEO Poisoning

IG Guru

JUNE 29, 2023

Visit the post for more.

Information Security

Information Security Security

Gootkit Loader campaign targets Australian Healthcare Industry

Security Affairs

JANUARY 11, 2023

The experts analyzed a series of attacks and discovered that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. The sites used to trick users into downloading malicious files due to SEO poisoning look like legitimate WordPress sites that have been compromised and abused.

Archiving

Archiving Access IT Security

Royal Ransomware Expands to Target Linux, VMware ESXi

Dark Reading

MAY 9, 2023

The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access.

Ransomware

Ransomware Access

Google Analytics Continues to Lose SEO Visibility as Bans Continue

Dark Reading

JUNE 28, 2022

Google Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.

Analytics

Analytics GDPR Privacy IT

SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023

Dark Reading

APRIL 27, 2023

SEO-aided attacks, developer targeting, and malicious use of AI top the list for 2023.

All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

Threatpost

DECEMBER 22, 2021

A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.

Access

Access Security

A Day in the Life of an SEO'd Blog Article, from the Local Washington DC SEO Provider's Perspective

Interactive Information Management

JANUARY 24, 2014

think Blogs are good for SEO. The SEO customer SAYS: "I'll write a Blog article, you SEO it, and we'll post it as part of our online marketing!" The SEO customer THINKS: "I'll quickly write a fun, helpful blog entry (or get a Guest Blogger!), The DC SEO Process: (at least from KME Internet Marketing 's perspective!)

e-Delivery

e-Delivery Marketing Communications Analytics

Gootkit AaaS malware is still active and uses updated tactics

Security Affairs

AUGUST 2, 2022

Attackers use black SEO technique to display a website compromised by Gootkit operators among the results. “This threat also shows that SEO poisoning remains an effective tactic in luring unsuspecting users. The attack chain starts with a user searching for specific information in a search engine. ” concludes the report.

Encryption

Encryption Archiving Ransomware Access

DC SEO 3.0 & Internet Marketing Top 10 2014 Tips for Local or Small Businesses

Interactive Information Management

DECEMBER 6, 2013

At KME (a DC SEO Company and Digital Technology Agency ), we cover a lot of ground among client types, industry segments and technology services, with a heavy emphasis on area DC SEO business requirements for online, interactive marketing and advertising. With fantastic, empathetic communication skills.

Marketing

Marketing Metadata B2C Communications

Attacker Expands Use of Malicious SEO Techniques to Distribute Malware

Dark Reading

MARCH 2, 2021

The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.

On the Poisoning of LLMs

Schneier on Security

MAY 25, 2023

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months.

Paper

Paper IT Artificial Intelligence

Microsoft App Store Sizzling with New ‘Electron Bot’ Malware

Threatpost

FEBRUARY 24, 2022

The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.

Security

100,000 Google Sites Used to Install SolarMarket RAT

Threatpost

APRIL 14, 2021

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.

Security

No, I Won't Link to Your Spammy Article

Troy Hunt

APRIL 6, 2020

It's either clicks alone or clicks and SEO courtesy of establishing more inbound links in an attempt to artificially inflate the popularity of the site. And just to help my own SEO and awareness of your spammy behaviour, I'll tweet a link to this page with the title of your page each time it happens. On a popular blog. kthanksbye!

Phishing

Phishing Authentication Passwords Marketing

Threat actors target law firms with GootLoader and SocGholish malware

Security Affairs

MARCH 2, 2023

Attackers use black SEO technique to display a website compromised by GootLoader operators among the results. In the past, GootLoader distributed malware masquerading as freeware installers and it used legal documents to trick users into downloading these files. ” continues the analysis.

Ransomware

Ransomware Archiving IT Access

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

MARCH 22, 2024

“Between 2010 and 2014, we put up some web pages and optimize them — a widely used SEO practice — and then ran AdSense banners on them,” Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com).

Healthcare

Healthcare Privacy Data breaches Government

The Scammer Force is Strong with Star Wars: The Rise of Skywalker

Threatpost

DECEMBER 19, 2019

Phishers are using "black SEO" to lure users in to malicious downloads masquerading as the latest Star Wars movie.

Phishing

Phishing Security

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

after receiving what looked like a bill for search engine optimization (SEO) services rendered on behalf of their domain names. employed a number of people involved in the SEO business. In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc.

Sales

Sales Marketing Financial Services IT

Weekly Update 217

Troy Hunt

NOVEMBER 13, 2020

it's a beautiful piece I'm very humbled to have received) I killed some time messing with an SEO spammer (what do you mean Troy Hunt sucks?!) Check it out in the links below or here me talk about it in the video, it rocks ?? References My (ISC)² award arrived!

Data breaches

Data breaches Cloud Security IT

Security Affairs newsletter Round 394

Security Affairs

NOVEMBER 20, 2022

Experts found critical RCE in Spotify’s Backstage Experts revealed details of critical SQLi and access issues in Zendesk Explore China-linked APT Billbug breached a certificate authority in Asia Previously undetected Earth Longzhi APT group is a subgroup of APT41 Avast details Worok espionage group’s compromise chain Massive Black hat SEO campaign (..)

Security

Security Ransomware Phishing Privacy

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

. – all major gtlds (com, net, org, info, biz) – many interesting and uninteresting cctlds – options for any topic – processing of any quantities – guarantees – exceptionally low prices for domains for white and gray schemes (including any SEO and affiliate spam ) – control panel with balances and auto-registration (..)

Computer and Electronics

Computer and Electronics Passwords Sales Government

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers HID Mercury Access Controller flaws could allow to unlock Doors Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal PACMAN, a new attack technique against Apple M1 CPUs Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign (..)

Security

Security Ransomware Cybersecurity Encryption

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

NOVEMBER 22, 2022

. “These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake cracked software download websites.” ” reads the analysis by the experts.

Phishing

Phishing Marketing Access IT

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

MARCH 1, 2021

The framework uses black search engine optimization (SEO) techniques to poison Google search results and spread links pointing to the malware. Telemetry reveals that crooks are using this technique to spread multiple payloads in South Korea , Germany , France , and across North America. ” continues the analysis. “This.js

Search queries

Search queries CMS Ransomware File names

How 'SEO Poisoning' Is Used to Deploy Malware

Massive Black hat SEO campaign used +15K WordPress sites

Webinars

Trending Sources

Another Report of SEO in Phishing

Webinars

SEO Poisoning Attacks on Healthcare Sector Rising, HHS Warns

SolarMarker Attackers Use SEO Poisoning to Push Malicious Code

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

Malware Loader Abuses Google SEO to Expand Payload Delivery

WordPress Targeted with Clever SEO Injection Malware

Be Aware of SEO and Waterhole Attacks

Breach Roundup: More MOVEit Victims, Including US Government

Beware of Clickbait PDF Phishing Attacks Lurking in Search Results

The Rise of Large-Language-Model Optimization

Gootkit Malware Found Targeting Australian Healthcare Sector

Data Thieves Test-Drive Unique Certificate Abuse Tactic

SEO Poisoning Used to Distribute Ransomware

Backdoor Lurks Behind WordPress Caching Plugin to Hijack Websites

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

Malicious PDFs Flood the Web, Lead to Password-Snarfing

Will GenAI Kill The Web?

Office of Information Security issues notice on SEO Poisoning

Gootkit Loader campaign targets Australian Healthcare Industry

Royal Ransomware Expands to Target Linux, VMware ESXi

Google Analytics Continues to Lose SEO Visibility as Bans Continue

SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023

All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

A Day in the Life of an SEO'd Blog Article, from the Local Washington DC SEO Provider's Perspective

Gootkit AaaS malware is still active and uses updated tactics

DC SEO 3.0 & Internet Marketing Top 10 2014 Tips for Local or Small Businesses

Attacker Expands Use of Malicious SEO Techniques to Distribute Malware

On the Poisoning of LLMs

Microsoft App Store Sizzling with New ‘Electron Bot’ Malware

100,000 Google Sites Used to Install SolarMarket RAT

No, I Won't Link to Your Spammy Article

Threat actors target law firms with GootLoader and SocGholish malware

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The Scammer Force is Strong with Star Wars: The Rise of Skywalker

Who’s Behind the ‘Web Listings’ Mail Scam?

Weekly Update 217

Security Affairs newsletter Round 394

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Security Affairs newsletter Round 369 by Pierluigi Paganini

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Gootkit delivery platform Gootloader used to deliver additional payloads

Stay Connected