SEO Poisoning Campaign Laces Your Zoom And TeamViewer Installs With BATLOADER Malware – Hot Hardware
Acybersecurity firm just recently discovered a search engine optimization (SEO) poisoning campaign intended to dupe users into installing malware on their computers. The campaign works by leveraging various SEO techniques, such as cramming tons of keywords into the source code of various malicious webpages, in order to raise those webpages near the top of the search results for various productivity applications that are free to download.
The Mandiant team found that this campaign has two different infection chains. The first infection chain targets users looking for software bundles. A user who searches for something like free software development tools installation may see a compromised website among the search results on the first page and visit that site. If the user downloads and runs the software installer on the compromised site, it will install legitimate software, but bundled with that software is BATLOADER malware.
Once the BATLOADER malware is executed as part of the installation process, a multi-stage infection chain begins, where each stage involves downloading and executing an additional malicious payload. One of these payloads contains malicious VBScript embedded inside a legitimate internal component of Windows, AppResolver.dll. Despite the malicious VBScript, the DLL samples code signature remains valid, which is an issue that Microsoft attempted to address with a patch for CVE-2020-1599.
In a later stage of this attack chain, the malicious payload installs additional malware, as well as ATERA. However, the second attack chain skips over the previous steps and installs ATERA directly.
Users directed to the malicious website will find a message board with a download link for what appears to be legitimate software, but is really the ATERA Agent Installer Package. ATERA is legitimate Remote Monitoring and Management (RMM) software, but the threat actors in this case use it to run pre-configured scripts, perform malicious tasks, install persistent malware, and finally uninstall itself, once its work is done.
According to Mandiant, some of the attack chain activity overlaps with techniques used in CONTI ransomware operations. The threat group behind this SEO poisoning campaign may be replicating CONTI techniques, by drawing on training documents, playbooks, and tools that were leaked by a disgruntled CONTI affiliate in August 2021.
Mandiants report on the SEO poisoning campaign contains further details, including some of the malicious domains being used in the campaign, as well as MD5 hash values of malicious packages used in the campaign.
Originally posted here:
SEO Poisoning Campaign Laces Your Zoom And TeamViewer Installs With BATLOADER Malware - Hot Hardware
- 70+ PPC and Google Adwords Interview Questions and Answers for 2025 - Simplilearn - November 16th, 2024 [November 16th, 2024]
- Reframing SEO: Why training search engines is the new game in the age of AI - Search Engine Land - August 29th, 2024 [August 29th, 2024]
- Redefining SEO: How training search engines is shaping the future of digital content - Tech Edition - August 29th, 2024 [August 29th, 2024]
- SEO University Partners with Salterra to Launch Advanced Schema - WICZ - August 25th, 2024 [August 25th, 2024]
- SEO University Partners with Salterra to Launch Advanced Schema Course, Empowering SEO Professionals with Expert Training - Barchart - August 20th, 2024 [August 20th, 2024]
- SEO University Partners with Salterra to Launch Advanced Schema - openPR - August 20th, 2024 [August 20th, 2024]
- Top Websites to Learn SEO in 2024 - Analytics Insight - July 26th, 2024 [July 26th, 2024]
- What is the process to Learn SEO Step by Step? - INSCMagazine - January 30th, 2024 [January 30th, 2024]
- Park Seo-joon Mentions V's Photo At Army Training Center, He Wore The Same Raincoat As I Did 15 Years Go - KBIZoom - December 17th, 2023 [December 17th, 2023]
- The Bicycle Coalition Attends the Vision Zero Cities 2023 Conference - Bicycle Coalition of Greater Philadelphia - October 27th, 2023 [October 27th, 2023]
- The 40 best crime movies of all time - Entertainment Weekly News - October 27th, 2023 [October 27th, 2023]
- 50 Remote Jobs That Pay Over $50000 a Year: Part Two Jobs ... - Medium - October 23rd, 2023 [October 23rd, 2023]
- How Search Generative Experience works and why retrieval ... - Search Engine Land - October 23rd, 2023 [October 23rd, 2023]
- ONE: Radzuan responds to Stamp rematch talk, impressed by title win - South China Morning Post - October 23rd, 2023 [October 23rd, 2023]
- California Law Limits Bitcoin ATM Transactions to $1,000 to Thwart ... - Slashdot - October 23rd, 2023 [October 23rd, 2023]
- Tech CEO Sentenced To 5 Years in IP Address Scheme - Slashdot - October 23rd, 2023 [October 23rd, 2023]
- Is Digital Marketing Training Worth it - Kings of War - October 3rd, 2023 [October 3rd, 2023]
- The 2023 Nonprofit Power 100 - City & State - October 3rd, 2023 [October 3rd, 2023]
- 'Embarrassing' Court Document Google Wanted to Hide Finally ... - Slashdot - October 3rd, 2023 [October 3rd, 2023]
- H&R Block, Meta, and Google Slapped With RICO Suit, Allegedly ... - Slashdot - October 3rd, 2023 [October 3rd, 2023]
- FBI Indicts Goldman Sachs Analyst Who Tried Using Xbox Chat for ... - Slashdot - October 3rd, 2023 [October 3rd, 2023]
- 8 top marketing certifications and courses for 2023 - TechTarget - July 17th, 2023 [July 17th, 2023]
- How to win SEO allies and influence the brand guardians - Search Engine Land - July 17th, 2023 [July 17th, 2023]
- How relying on LLMs can lead to SEO disaster - Search Engine Land - July 17th, 2023 [July 17th, 2023]
- Become the next generation of multimedia content creators and ... - Education Times - July 17th, 2023 [July 17th, 2023]
- A Week in My Life: Fiona Brindle, Head of SEO, TrunkBBI - Prolific North - July 17th, 2023 [July 17th, 2023]
- Preparing the underserved: Five Auburn University alumni ... - Office of Communications and Marketing - July 17th, 2023 [July 17th, 2023]
- Should You Have a Go at Search Engine Optimization (SEO)? - Printing Impressions - June 9th, 2023 [June 9th, 2023]
- Chris Raulf of Boulder SEO Marketing to Give Masterclass on Micro ... - Digital Journal - June 9th, 2023 [June 9th, 2023]
- Augmented Reality Training Simulator Market 2031 Key Insights and ... - KaleidoScot - June 9th, 2023 [June 9th, 2023]
- Training Software Market 2023 Trends with Analysis on Key Players ... - KaleidoScot - June 9th, 2023 [June 9th, 2023]
- Training Outsourcing Market 2023 Trends with Analysis on Key ... - KaleidoScot - June 9th, 2023 [June 9th, 2023]
- COVID-19 Impact Analysis of Education Market 2031 | Key Players ... - KaleidoScot - June 9th, 2023 [June 9th, 2023]
- MarTechBot: Insights from real-world usage (so far) - MarTech - June 9th, 2023 [June 9th, 2023]
- Cognitive Assessment and Training Healthcare Market 2031 Growth ... - KaleidoScot - June 9th, 2023 [June 9th, 2023]
- Prestige whisky brand appoints Wild PR to support business growth - Bdaily News - June 9th, 2023 [June 9th, 2023]
- Erling Haaland Names Toughest Opponent He's Faced This Year ... - Sports Lens - June 9th, 2023 [June 9th, 2023]
- Local Brand Advisor Proves Its Worth As Leading and Results ... - Digital Journal - May 29th, 2023 [May 29th, 2023]
- Family: The Unbreakable Bond - K-drama Episode 10 Recap ... - TheReviewGeek - May 29th, 2023 [May 29th, 2023]
- Salesbop: The AI-Powered Sales Coach and Trainer ... - Digital Journal - May 29th, 2023 [May 29th, 2023]
- Career Technical Educational Opportunities for Students Attending ... - Demopolis Times - May 29th, 2023 [May 29th, 2023]
- Doctor Cha Episode 13 Twitter Reactions: Cliffhanger Over ... - Leisure Byte - May 29th, 2023 [May 29th, 2023]
- The National Eating Disorder Helpline Replaced Its Staff With a ... - The Mary Sue - May 29th, 2023 [May 29th, 2023]
- Brendan Johnston: A 15 year pro-racing quest with a gravel resolution - Cyclingnews - May 29th, 2023 [May 29th, 2023]
- Business Briefing: Apple Blossom Holistic, business news and ... - Laois Today - May 29th, 2023 [May 29th, 2023]
- How the media is covering ChatGPT - Columbia Journalism Review - May 29th, 2023 [May 29th, 2023]
- BSM to Host a Complimentary Webinar Entitled "AI and SEO. The ... - Digital Journal - May 18th, 2023 [May 18th, 2023]
- Developing Skills to Stay Competitive - ATD - May 18th, 2023 [May 18th, 2023]
- The biggest challenges facing small businesses and how to ... - Arizona Big Media - May 18th, 2023 [May 18th, 2023]
- Priyanka Chopra Jonas On Husband Nick Jonas' 'Mean' Martini, Her ... - ELLE UK - May 18th, 2023 [May 18th, 2023]
- The Idaho Towns Bankrolling Donald Trump's Campaign - News Radio 1310 KLIX - May 18th, 2023 [May 18th, 2023]
- Online Stable Startup: Tips and Tricks for Launching a Horse Business - Everything Horse UK - May 18th, 2023 [May 18th, 2023]
- ReKommendations: My Perfect Stranger, Duty After School, and more; K-dramas to catch up with this weekend - PINKVILLA - May 18th, 2023 [May 18th, 2023]
- The Full Cast of Netflix's 'Black Knight' - We Got This Covered - May 18th, 2023 [May 18th, 2023]
- Thanet business news: CAMRA awards, Thanet Earth, Dirtee Feast ... - The Isle of Thanet News - May 18th, 2023 [May 18th, 2023]
- Top 100: New to the List Fast Action Pest Control - PCT Magazine - May 18th, 2023 [May 18th, 2023]
- We are in content marketing era, the opportunities are diverse - Capital FM Kenya - May 14th, 2023 [May 14th, 2023]
- 25+ Best Remote Jobs Without Degree or Experience in 2023 - Southwest Journal - May 14th, 2023 [May 14th, 2023]
- SEO Fight Club Episode 198 Explores AI Training Corpus And AI ... - Digital Journal - May 12th, 2023 [May 12th, 2023]
- Various Advantages of HubSpot - CIOReview - May 12th, 2023 [May 12th, 2023]
- How to Start and Grow a Successful Real Estate Business: Business ... - RealtyBizNews - May 12th, 2023 [May 12th, 2023]
- Small Business, Big Results: Rely on Top SEO Company in Ahmedabad - The Week - May 12th, 2023 [May 12th, 2023]
- How to Get Google's Attention with AI-Generated Content - PR News - For Smart Communicators - May 12th, 2023 [May 12th, 2023]
- Meet the next Leadership Academy for Women in Media cohort in ... - Poynter - May 12th, 2023 [May 12th, 2023]
- Republic of Korea and U.S. Navy Conduct Combined Maritime ... - Pacific Command - May 10th, 2023 [May 10th, 2023]
- Boostly introduces ChatGPT integration for direct booking websites - Short Term Rentalz - May 10th, 2023 [May 10th, 2023]
- YACSS Announces Panel of Speakers for the First Annual YACSS SEO Conference - Yahoo Finance - May 10th, 2023 [May 10th, 2023]
- Google On Protecting Anchor Text Signal From Spam Site Influence - Search Engine Journal - May 10th, 2023 [May 10th, 2023]
- How To Start A Business In 11 Steps (2023 Guide) - Forbes - May 10th, 2023 [May 10th, 2023]
- Ocean Tomo, a part of J.S. Held Welcomes Delegation from Korea ... - PR Web - May 10th, 2023 [May 10th, 2023]
- Lionel Messi Returns To PSG Training After Suspension Lifted - Sports Lens - May 10th, 2023 [May 10th, 2023]
- Engaging Consumers in a Generative AI World - BCG - May 10th, 2023 [May 10th, 2023]
- Alyse Anderson has been training with Rose Namajunas - Asian MMA - May 8th, 2023 [May 8th, 2023]
- 12 questions to ask SEO platform vendors during the demo - MarTech - May 8th, 2023 [May 8th, 2023]
- How To Write ChatGPT Prompts To Get The Best Results - Search Engine Journal - May 8th, 2023 [May 8th, 2023]
- Roses and thorns: 5-6-23 - The Commercial Dispatch - May 8th, 2023 [May 8th, 2023]
- Achieving success in your own terms through the eyes of six Filipino ... - Manila Bulletin - May 8th, 2023 [May 8th, 2023]
- Rethinking SEO Strategy: Mindset Coach Helps Businesses Achieve ... - BusinessMole - May 2nd, 2023 [May 2nd, 2023]
- Achieving SEO Success: Mindset Coach Offers Innovative Problem ... - Business Manchester - May 2nd, 2023 [May 2nd, 2023]
- Megan Bridgeman named SEO editor based on the West Coast - The Washington Post - May 2nd, 2023 [May 2nd, 2023]