A recent SEO poisoning attack targeted Chinese-speaking Windows users by manipulating search results to direct them to malicious websites. The campaign hid malware in legitimate-looking installers, using SEO techniques and anti-analysis tactics to evade detection and establish persistent infections. #Hiddengh0st #Winos
Key points
- Cybercriminals used SEO strategies to promote fake websites that spread malware.
- Malware variants like Hiddengh0st and Winos were embedded in legitimate application installers.
- The campaign employed scripts such as "nice.js" for multi-step redirection to malicious downloads.
- The malware included anti-analysis features to evade detection and persist on infected systems.
- Final payloads enabled data theft, keystroke logging, and targeted Telegram activity monitoring.
Read More: https://www.infosecurity-magazine.com/news/seo-poisoning-targets-china/