Hackers use black hat SEO to push ransomware, trojans via Google
2021-03-01 18:10

The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results.

Malware campaigns relying on Gootloader's mechanism were spotted last year delivering REvil ransomware to targets in Germany.

The actors regrouped by forming a vast network of hacked WordPress sites and using SEO poisoning to show fake forum posts with malicious links in Google results.

A report today from cybersecurity company Sophos estimates that Gootloader controls about 400 servers active at any time that host hacked, legitimate websites.

According to Sophos, Gootloader campaigns target visitors from the U.S., Germany, and South Korea.

Sophos has published a technical analysis of the Gootloader infection chain and has made indicators of compromise and a YARA rule for its malicious JavaScript files available on its GitHub page.


News URL

https://www.bleepingcomputer.com/news/security/hackers-use-black-hat-seo-to-push-ransomware-trojans-via-google/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995