Saturday, June 15, 2024
HomeCyber CrimeCybercriminals Using SEO Poisoning To Spread Malware

Cybercriminals Using SEO Poisoning To Spread Malware


Batloader and Atera Agent malware were discovered in an SEO poisoning effort. Professionals looking for useful tools are the intended audience (e.g. Visual Studio, Zoom, and TeamViewer).

What SEO strategies are used?

By ranking bogus sites for the most searched phrases on Google, attackers use SEO tactics to skew search results. Hackers are targeting Microsoft Visual Studio 2015, Zoom, and TeamViewer in this case, among others.

When a visitor clicks on the malicious search results link, they are taken to a site that has already been infiltrated and has a Traffic Direction System installed (TDS).


Following the reroute, the site displays a bogus forum discussion in which a person inquires about a specific programme and another bogus user offers a download link.


When you click the download link, a bundled malware installer with the name of the desired application is created. People fall for it because of the software’s validity, which is true in most circumstances.

Infection with malware

Two distinct infection chains drop malware payloads on the machine if the downloaded installer is active.

The initial infection chain bundles BATLOADER, Atera Agent, and Ursnif with false software. The ATERA Agent is dropped without the malware loading steps in the second infection.

MSHTA was also used in the first infection chain to run a genuine Windows DLL (AppResolver) loaded with malicious VBScript to tamper with Defender settings and add particular exclusions.

The Conti relationship

Some of the strategies used in the campaigns, according to the researchers, are similar to those in the Conti playbooks, which were leaked in August 2020 and then reproduced by numerous groups and individuals.



Indirectly, the latest campaign demonstrates the need for data to target professionals. Furthermore, it is never a good idea to download productivity programmes from third-party stores and websites. As a result, when downloading software or programmes, always utilise reputable anti-malware solutions and approved sources.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us