Hackers use black hat SEO to push ransomware, trojans via Google

The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results.
Malware campaigns relying on Gootloader's mechanism were spotted last year delivering REvil ransomware to targets in Germany.
The actors regrouped by forming a vast network of hacked WordPress sites and using SEO poisoning to show fake forum posts with malicious links in Google results.
A report published today by cybersecurity company Sophos estimates that Gootloader controls about 400 servers, active at any time, that host hacked, legitimate websites.
According to Sophos, Gootloader campaigns target visitors from the U.S., Germany, and South Korea.
Sophos has published a technical analysis of the Gootloader infection chain and has made indicators of compromise and a YARA rule for its malicious JavaScript files available on its GitHub page.