BTC $62872.5802
ETH $2542.1690
BNB $567.1465
SOL $146.8376
XRP $0.5832
stETH $2541.5194
DOGE $0.1046
TON $5.5980
TRX $0.1520
ADA $0.3519
AVAX $27.1416
wstETH $2998.7873
WBTC $62860.9352
WETH $2545.1266
LINK $11.4382
BCH $335.3709
DOT $4.2809
UNI $6.7392
DAI $0.9994
LTC $64.8816
KAS $0.1690
FET $1.6105
SUI $1.4951
BSC-USD $1.0002
ICP $8.3975
APT $7.2764
PEPE $0.0000
CAKE $1.8405
XMR $176.9786
IMX $1.5709
TAO $409.6685
POL $0.3984
ETC $18.9219
USDE $0.9986
NEAR $4.3604
STX $1.7593
FDUSD $0.9990
OKB $39.0418
AAVE $153.2829
FIL $3.7348
INJ $20.7165
MNT $0.6038
XLM $0.0956
HBAR $0.0518
VET $0.0235
ENS $18.2015
WIF $1.7700
BTC $62872.5802
ETH $2542.1690
BNB $567.1465
SOL $146.8376
XRP $0.5832
stETH $2541.5194
DOGE $0.1046
TON $5.5980
TRX $0.1520
ADA $0.3519
AVAX $27.1416
wstETH $2998.7873
WBTC $62860.9352
WETH $2545.1266
LINK $11.4382
BCH $335.3709
DOT $4.2809
UNI $6.7392
DAI $0.9994
LTC $64.8816
KAS $0.1690
FET $1.6105
SUI $1.4951
BSC-USD $1.0002
ICP $8.3975
APT $7.2764
PEPE $0.0000
CAKE $1.8405
XMR $176.9786
IMX $1.5709
TAO $409.6685
POL $0.3984
ETC $18.9219
USDE $0.9986
NEAR $4.3604
STX $1.7593
FDUSD $0.9990
OKB $39.0418
AAVE $153.2829
FIL $3.7348
INJ $20.7165
MNT $0.6038
XLM $0.0956
HBAR $0.0518
VET $0.0235
ENS $18.2015
WIF $1.7700
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Cybercriminals manipulate Google search results and distribute malicious software to individuals who are not exercising vigilance

    Researchers at Securonix have discovered a malicious campaign using fake WinSCP to trick people into installing real WinSCP software. The campaign, known as "SEO#LURKER," involves changing Google search results and putting fake ads in them. The malicious ads send people to a hacked WordPress site called "gameeweb[.]com," which then sends them to a phishing site controlled by the hackers.

    Attackers use Google's dynamic search ads to create redirect ads, with the main goal being to trick users into visiting a fake WinSCP website with the domain "winccp[.]net" and downloading malware. The correctness of the link header directly affects the success of the redirect, and if the link is set up incorrectly, hackers can easily "rickroll" the user.

    Malware is sent in the form of a ZIP archive with an executable file inside, and the fake WinSCP installer is needed to maintain the mask of deception. Python scripts that run in the background are also used to communicate with the attackers' remote server and provide instructions on how to run commands on the infected device.

    While malware is spread through Google Ads, hackers could use the same method to target users of other popular software.

    Author reign3d
    Why everyone needs to know about de-anonymization and how it works
    The EASIEST type of cyberattack to avoid!

    Comments 0

    Add comment