BTC $64486.1556
ETH $3493.5274
BNB $586.7387
SOL $134.6672
stETH $3495.2913
XRP $0.4867
DOGE $0.1240
TON $7.2057
ADA $0.3760
wstETH $4088.5086
TRX $0.1188
WETH $3488.5671
WBTC $64295.8483
AVAX $25.3097
UNI $9.9993
DOT $5.6473
LINK $13.7522
BCH $386.2148
MATIC $0.5665
weETH $3632.7427
LTC $74.0929
DAI $1.0007
PEPE $0.0000
RNDR $7.4609
BSC-USD $1.0007
FET $1.5399
CAKE $2.2330
ICP $8.2147
ezETH $3513.4372
USDE $1.0010
KAS $0.1464
ETC $23.4356
NEAR $5.2921
IMX $1.5404
APT $6.8279
XMR $162.4862
HBAR $0.0781
MNT $0.8030
ENS $25.6418
FDUSD $1.0003
OKB $41.8833
ONDO $1.2088
FIL $4.4138
STX $1.6530
MKR $2475.1037
ATOM $6.7546
SUI $0.9046
BTC $64486.1556
ETH $3493.5274
BNB $586.7387
SOL $134.6672
stETH $3495.2913
XRP $0.4867
DOGE $0.1240
TON $7.2057
ADA $0.3760
wstETH $4088.5086
TRX $0.1188
WETH $3488.5671
WBTC $64295.8483
AVAX $25.3097
UNI $9.9993
DOT $5.6473
LINK $13.7522
BCH $386.2148
MATIC $0.5665
weETH $3632.7427
LTC $74.0929
DAI $1.0007
PEPE $0.0000
RNDR $7.4609
BSC-USD $1.0007
FET $1.5399
CAKE $2.2330
ICP $8.2147
ezETH $3513.4372
USDE $1.0010
KAS $0.1464
ETC $23.4356
NEAR $5.2921
IMX $1.5404
APT $6.8279
XMR $162.4862
HBAR $0.0781
MNT $0.8030
ENS $25.6418
FDUSD $1.0003
OKB $41.8833
ONDO $1.2088
FIL $4.4138
STX $1.6530
MKR $2475.1037
ATOM $6.7546
SUI $0.9046
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Cybercriminals manipulate Google search results and distribute malicious software to individuals who are not exercising vigilance

    Researchers at Securonix have discovered a malicious campaign using fake WinSCP to trick people into installing real WinSCP software. The campaign, known as "SEO#LURKER," involves changing Google search results and putting fake ads in them. The malicious ads send people to a hacked WordPress site called "gameeweb[.]com," which then sends them to a phishing site controlled by the hackers.

    Attackers use Google's dynamic search ads to create redirect ads, with the main goal being to trick users into visiting a fake WinSCP website with the domain "winccp[.]net" and downloading malware. The correctness of the link header directly affects the success of the redirect, and if the link is set up incorrectly, hackers can easily "rickroll" the user.

    Malware is sent in the form of a ZIP archive with an executable file inside, and the fake WinSCP installer is needed to maintain the mask of deception. Python scripts that run in the background are also used to communicate with the attackers' remote server and provide instructions on how to run commands on the infected device.

    While malware is spread through Google Ads, hackers could use the same method to target users of other popular software.

    Author reign3d
    Why everyone needs to know about de-anonymization and how it works
    The EASIEST type of cyberattack to avoid!

    Comments 0

    Add comment