BTC $76498.7202
ETH $3052.9511
SOL $202.2141
BNB $625.8355
XRP $0.5527
DOGE $0.2079
stETH $3052.7552
ADA $0.4413
TRX $0.1608
TON $5.2120
wstETH $3616.1968
AVAX $29.4947
WBTC $76381.7805
WETH $3059.8032
LINK $13.6222
UNI $9.0969
BCH $375.9663
SUI $2.3135
DOT $4.3898
LTC $73.6717
weETH $3212.9571
NEAR $4.4267
DAI $0.9994
APT $9.9158
PEPE $0.0000
BSC-USD $0.9984
ICP $8.3468
FET $1.4269
TAO $507.2711
CAKE $1.9621
FDUSD $0.9997
ETC $20.9067
XMR $162.7448
POL $0.3890
WBT $20.0378
AAVE $193.4493
KAS $0.1160
CRO $0.1060
USDE $1.0012
MNT $0.8122
RENDER $5.1970
IMX $1.2827
OKB $42.1436
STX $1.6709
WIF $2.4915
ARB $0.6142
FIL $3.9609
BTC $76498.7202
ETH $3052.9511
SOL $202.2141
BNB $625.8355
XRP $0.5527
DOGE $0.2079
stETH $3052.7552
ADA $0.4413
TRX $0.1608
TON $5.2120
wstETH $3616.1968
AVAX $29.4947
WBTC $76381.7805
WETH $3059.8032
LINK $13.6222
UNI $9.0969
BCH $375.9663
SUI $2.3135
DOT $4.3898
LTC $73.6717
weETH $3212.9571
NEAR $4.4267
DAI $0.9994
APT $9.9158
PEPE $0.0000
BSC-USD $0.9984
ICP $8.3468
FET $1.4269
TAO $507.2711
CAKE $1.9621
FDUSD $0.9997
ETC $20.9067
XMR $162.7448
POL $0.3890
WBT $20.0378
AAVE $193.4493
KAS $0.1160
CRO $0.1060
USDE $1.0012
MNT $0.8122
RENDER $5.1970
IMX $1.2827
OKB $42.1436
STX $1.6709
WIF $2.4915
ARB $0.6142
FIL $3.9609
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Cybercriminals manipulate Google search results and distribute malicious software to individuals who are not exercising vigilance

    Researchers at Securonix have discovered a malicious campaign using fake WinSCP to trick people into installing real WinSCP software. The campaign, known as "SEO#LURKER," involves changing Google search results and putting fake ads in them. The malicious ads send people to a hacked WordPress site called "gameeweb[.]com," which then sends them to a phishing site controlled by the hackers.

    Attackers use Google's dynamic search ads to create redirect ads, with the main goal being to trick users into visiting a fake WinSCP website with the domain "winccp[.]net" and downloading malware. The correctness of the link header directly affects the success of the redirect, and if the link is set up incorrectly, hackers can easily "rickroll" the user.

    Malware is sent in the form of a ZIP archive with an executable file inside, and the fake WinSCP installer is needed to maintain the mask of deception. Python scripts that run in the background are also used to communicate with the attackers' remote server and provide instructions on how to run commands on the infected device.

    While malware is spread through Google Ads, hackers could use the same method to target users of other popular software.

    Author reign3d
    Why everyone needs to know about de-anonymization and how it works
    The EASIEST type of cyberattack to avoid!

    Comments 0

    Add comment