Cybersecurity researchers have uncovered a new campaign utilizing SEO poisoning, fake login pages, and compromised routers to steal employee credentials and redirect payroll payments. This sophisticated attack evades detection through mobile device targeting, proxy botnets, and the use of residential IP addresses. #ReliaQuest #Pusher
Keypoints
- The campaign employs SEO poisoning with fake websites appearing in search engine results to lure employees.
- Attackers use compromised home routers and mobile networks to mask their malicious activity and evade detection.
- The targeted mobile devices often lack enterprise security, making it easier for hackers to exploit them.
- Credential theft is followed by rapid reuse through a WebSocket alert system, facilitating unauthorized access.
- Wider threats include phishing campaigns like CoGUI and smishing kits such as Panda Shop, which target global organizations.
Read More: https://thehackernews.com/2025/05/employees-searching-payroll-portals-on.html