SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers
2022-02-02 14:46

A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio.

These campaigns rely on the compromise of legitimate websites to plant malicious files or URLs that redirect users to sites that host malware disguised as popular apps.

Clicking the download link will cause the site to create a packaged malware installer using the name of the sought-after application.

As the malware packages include the legitimate software, many users will not realize they have also been infected with malware.

In the first infection chain, the actors use MSHTA to execute a legitimate Windows DLL laced with a malicious VBScript to change Microsoft Defender settings and add specific exclusions.

The second infection chain drops Atera Agent directly, bypassing the malware loading stages.
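Detection logic for the MSHTA step of the first infection chain, as an added example that is not from the article: it flags mshta.exe launched on a .dll file and Microsoft Defender preference changes, and raises the severity when the change descends from that mshta process. The event field names, the sample events, and the assumption that the Defender change is made with the Add-MpPreference or Set-MpPreference cmdlets are constructed for illustration.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style); not from the article.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r"msiexec /i C:\Users\user\Downloads\installer.msi"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r"mshta.exe C:\Users\user\AppData\Local\Temp\example.dll"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell -c Add-MpPreference -ExclusionPath C:\Users\user\AppData"},
    {"pid": 400, "ppid": 1, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r"mshta.exe C:\Tools\help.hta"},
    {"pid": 500, "ppid": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell Add-MpPreference -ExclusionPath D:\build"},
]

# mshta is meant to run .hta content; a .dll argument is the anomaly described above.
MSHTA_DLL = re.compile(r"\.dll(?=[\"'\s,]|$)", re.I)
# Assumption: exclusions/settings are changed through the Defender PowerShell cmdlets.
DEFENDER_CHANGE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*-(?:Exclusion\w+|Disable\w+)", re.I)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (pid, rule, severity) findings in event order per rule."""
    by_pid = {e["pid"]: e for e in events}
    findings, mshta_hits = [], set()
    for e in events:
        if _basename(e["image"]) == "mshta.exe" and MSHTA_DLL.search(e["cmd"]):
            mshta_hits.add(e["pid"])
            findings.append((e["pid"], "mshta_runs_dll", "medium"))
    for e in events:
        if not DEFENDER_CHANGE.search(e["cmd"]):
            continue
        # Walk the parent chain; a flagged mshta ancestor ties the change to the loader.
        seen, parent, chained = set(), e["ppid"], False
        while parent in by_pid and parent not in seen:
            if parent in mshta_hits:
                chained = True
                break
            seen.add(parent)
            parent = by_pid[parent]["ppid"]
        findings.append((e["pid"], "defender_pref_change", "high" if chained else "low"))
    return findings
```
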


News URL

https://www.bleepingcomputer.com/news/security/seo-poisoning-pushes-malware-laced-zoom-teamviewer-visual-studio-installers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 51 4 50 57 8 119
Teamviewer 2 2 10 2 1 15