New SEO Poisoning Campaign Is Wreaking Havoc on the Cyberthreat Landscape

A new SEO poisoning campaign is currently taking place with the goal of dropping the Batloader and Atera Agent malware into the targeted systems. It seems that it’s directed towards professionals who are on the lookout for downloading productivity tools like TeamViewer, Zoom, or Visual Studio.

What Is SEO Poisoning?

SEO poisoning is the act of injecting links into web pages with the intent to manipulate search engine rankings. These links are typically hidden and not visible to the site visitor.

The most common type of SEO poisoning is known as “link injection.” Link injection involves adding links onto a web page without the owner’s knowledge or permission, usually through JavaScript code. The link will be invisible to visitors but can be seen by search engines.

How Does This SEO Poisoning Campaign Work?

According to a report by researchers at Mandiant, in this malicious SEO campaign, threat actors compromise legitimate websites with the purpose of planting compromised files or URLs. This way, users are redirected to websites that accommodate malware posing as well-known applications.

After the software installers download and execution is complete, the malware will infect users.

Using SEO techniques to apply them to legitimate websites and targeting keywords related

Read More: https://heimdalsecurity.com/blog/new-seo-poisoning-is-wreaking-havoc-on-the-cyberthreat-landscape-dropping-batloader-and-atera-agent/