BTC $68124.1925
ETH $3534.9654
BNB $601.9406
SOL $184.5379
XRP $0.5977
DOGE $0.1402
TON $7.1755
ADA $0.4463
wstETH $4142.7912
AVAX $32.6155
TRX $0.1344
WBTC $68021.4687
WETH $3537.6671
DOT $6.4224
LINK $14.8100
BCH $401.1017
UNI $8.1300
LTC $73.9350
MATIC $0.5480
DAI $1.0017
PEPE $0.0000
LEO $5.6786
ICP $10.7336
KAS $0.1795
BSC-USD $0.9965
NEAR $6.3387
FET $1.4897
CAKE $2.0854
ETC $24.1691
APT $7.4832
USDE $1.0004
IMX $1.6727
XMR $164.4277
MNT $0.8851
STX $1.9533
RNDR $7.1724
WIF $2.8268
ENS $27.3216
FIL $4.7757
MKR $2889.0646
HBAR $0.0747
INJ $27.4782
OKB $42.5816
VET $0.0308
TAO $350.0986
ONDO $1.0886
AR $34.2036
BTC $68124.1925
ETH $3534.9654
BNB $601.9406
SOL $184.5379
XRP $0.5977
DOGE $0.1402
TON $7.1755
ADA $0.4463
wstETH $4142.7912
AVAX $32.6155
TRX $0.1344
WBTC $68021.4687
WETH $3537.6671
DOT $6.4224
LINK $14.8100
BCH $401.1017
UNI $8.1300
LTC $73.9350
MATIC $0.5480
DAI $1.0017
PEPE $0.0000
LEO $5.6786
ICP $10.7336
KAS $0.1795
BSC-USD $0.9965
NEAR $6.3387
FET $1.4897
CAKE $2.0854
ETC $24.1691
APT $7.4832
USDE $1.0004
IMX $1.6727
XMR $164.4277
MNT $0.8851
STX $1.9533
RNDR $7.1724
WIF $2.8268
ENS $27.3216
FIL $4.7757
MKR $2889.0646
HBAR $0.0747
INJ $27.4782
OKB $42.5816
VET $0.0308
TAO $350.0986
ONDO $1.0886
AR $34.2036
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Cybercriminals manipulate Google search results and distribute malicious software to individuals who are not exercising vigilance

    Researchers at Securonix have discovered a malicious campaign using fake WinSCP to trick people into installing real WinSCP software. The campaign, known as "SEO#LURKER," involves changing Google search results and putting fake ads in them. The malicious ads send people to a hacked WordPress site called "gameeweb[.]com," which then sends them to a phishing site controlled by the hackers.

    Attackers use Google's dynamic search ads to create redirect ads, with the main goal being to trick users into visiting a fake WinSCP website with the domain "winccp[.]net" and downloading malware. The correctness of the link header directly affects the success of the redirect, and if the link is set up incorrectly, hackers can easily "rickroll" the user.

    Malware is sent in the form of a ZIP archive with an executable file inside, and the fake WinSCP installer is needed to maintain the mask of deception. Python scripts that run in the background are also used to communicate with the attackers' remote server and provide instructions on how to run commands on the infected device.

    While malware is spread through Google Ads, hackers could use the same method to target users of other popular software.

    Author reign3d
    Why everyone needs to know about de-anonymization and how it works
    The EASIEST type of cyberattack to avoid!

    Comments 0

    Add comment