BTC $103354.5528
ETH $2606.7338
XRP $2.5486
BNB $651.5963
SOL $176.4263
DOGE $0.2325
ADA $0.7984
TRX $0.2744
stETH $2604.1667
WBTC $103301.0649
SUI $3.9112
LINK $16.9941
wstETH $3133.2179
AVAX $24.9387
XLM $0.3034
USDS $0.9972
HBAR $0.2059
HYPE $25.1771
LEO $8.8762
TON $3.2423
BCH $402.3469
DOT $4.9744
LTC $100.8143
WETH $2603.6907
PI $0.8975
XMR $339.5057
weETH $2781.4488
PEPE $0.0000
BGB $4.7445
BTCB $103509.6329
BSC-USD $1.0007
CHEEL $5.1975
USDE $0.9987
WBT $30.3206
TAO $454.9621
UNI $6.5954
NEAR $3.0476
APT $5.7250
AAVE $229.2856
CBBTC $103403.9176
OKB $54.3944
DAI $0.9985
ONDO $1.0080
KAS $0.1206
ETC $19.8566
ICP $5.6317
CRO $0.1015
BTC $103354.5528
ETH $2606.7338
XRP $2.5486
BNB $651.5963
SOL $176.4263
DOGE $0.2325
ADA $0.7984
TRX $0.2744
stETH $2604.1667
WBTC $103301.0649
SUI $3.9112
LINK $16.9941
wstETH $3133.2179
AVAX $24.9387
XLM $0.3034
USDS $0.9972
HBAR $0.2059
HYPE $25.1771
LEO $8.8762
TON $3.2423
BCH $402.3469
DOT $4.9744
LTC $100.8143
WETH $2603.6907
PI $0.8975
XMR $339.5057
weETH $2781.4488
PEPE $0.0000
BGB $4.7445
BTCB $103509.6329
BSC-USD $1.0007
CHEEL $5.1975
USDE $0.9987
WBT $30.3206
TAO $454.9621
UNI $6.5954
NEAR $3.0476
APT $5.7250
AAVE $229.2856
CBBTC $103403.9176
OKB $54.3944
DAI $0.9985
ONDO $1.0080
KAS $0.1206
ETC $19.8566
ICP $5.6317
CRO $0.1015
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Cybercriminals manipulate Google search results and distribute malicious software to individuals who are not exercising vigilance

    Researchers at Securonix have discovered a malicious campaign using fake WinSCP to trick people into installing real WinSCP software. The campaign, known as "SEO#LURKER," involves changing Google search results and putting fake ads in them. The malicious ads send people to a hacked WordPress site called "gameeweb[.]com," which then sends them to a phishing site controlled by the hackers.

    Attackers use Google's dynamic search ads to create redirect ads, with the main goal being to trick users into visiting a fake WinSCP website with the domain "winccp[.]net" and downloading malware. The correctness of the link header directly affects the success of the redirect, and if the link is set up incorrectly, hackers can easily "rickroll" the user.

    Malware is sent in the form of a ZIP archive with an executable file inside, and the fake WinSCP installer is needed to maintain the mask of deception. Python scripts that run in the background are also used to communicate with the attackers' remote server and provide instructions on how to run commands on the infected device.

    While malware is spread through Google Ads, hackers could use the same method to target users of other popular software.

    Author reign3d
    Why everyone needs to know about de-anonymization and how it works
    The EASIEST type of cyberattack to avoid!

    Comments 0

    Add comment