BTC $108998.6537
ETH $2568.9386
XRP $2.3651
BNB $671.0436
SOL $180.8016
DOGE $0.2347
ADA $0.7786
TRX $0.2676
stETH $2567.5151
WBTC $109006.1133
SUI $3.6624
HYPE $35.1803
wstETH $3087.6040
LINK $16.2096
AVAX $24.4819
XLM $0.2924
BCH $443.2190
USDS $0.9995
HBAR $0.1988
LEO $8.7582
TON $3.0557
LTC $98.3488
DOT $4.7191
XMR $395.8924
WETH $2570.8088
BGB $5.5822
PEPE $0.0000
weETH $2744.5174
BSC-USD $1.0020
BTCB $109360.9210
PI $0.7597
WBT $31.8656
USDE $1.0003
TAO $448.9188
AAVE $253.1931
NEAR $2.9182
APT $5.5838
UNI $6.1350
DAI $0.9982
OKB $52.1056
ONDO $0.9724
CBBTC $109082.7750
CRO $0.0980
ICP $5.4601
KAS $0.1112
ETC $19.0732
TKX $35.0020
BTC $108998.6537
ETH $2568.9386
XRP $2.3651
BNB $671.0436
SOL $180.8016
DOGE $0.2347
ADA $0.7786
TRX $0.2676
stETH $2567.5151
WBTC $109006.1133
SUI $3.6624
HYPE $35.1803
wstETH $3087.6040
LINK $16.2096
AVAX $24.4819
XLM $0.2924
BCH $443.2190
USDS $0.9995
HBAR $0.1988
LEO $8.7582
TON $3.0557
LTC $98.3488
DOT $4.7191
XMR $395.8924
WETH $2570.8088
BGB $5.5822
PEPE $0.0000
weETH $2744.5174
BSC-USD $1.0020
BTCB $109360.9210
PI $0.7597
WBT $31.8656
USDE $1.0003
TAO $448.9188
AAVE $253.1931
NEAR $2.9182
APT $5.5838
UNI $6.1350
DAI $0.9982
OKB $52.1056
ONDO $0.9724
CBBTC $109082.7750
CRO $0.0980
ICP $5.4601
KAS $0.1112
ETC $19.0732
TKX $35.0020
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Cybercriminals manipulate Google search results and distribute malicious software to individuals who are not exercising vigilance

    Researchers at Securonix have discovered a malicious campaign using fake WinSCP to trick people into installing real WinSCP software. The campaign, known as "SEO#LURKER," involves changing Google search results and putting fake ads in them. The malicious ads send people to a hacked WordPress site called "gameeweb[.]com," which then sends them to a phishing site controlled by the hackers.

    Attackers use Google's dynamic search ads to create redirect ads, with the main goal being to trick users into visiting a fake WinSCP website with the domain "winccp[.]net" and downloading malware. The correctness of the link header directly affects the success of the redirect, and if the link is set up incorrectly, hackers can easily "rickroll" the user.

    Malware is sent in the form of a ZIP archive with an executable file inside, and the fake WinSCP installer is needed to maintain the mask of deception. Python scripts that run in the background are also used to communicate with the attackers' remote server and provide instructions on how to run commands on the infected device.

    While malware is spread through Google Ads, hackers could use the same method to target users of other popular software.

    Author reign3d
    Why everyone needs to know about de-anonymization and how it works
    The EASIEST type of cyberattack to avoid!

    Comments 0

    Add comment