SEO Poisoning Attacks by REvil and SolarMarker - TheDigitalHacker

The Menlo Labs team discovered two distinct campaigns that drop the REvil and SolarMarker backdoors. Both campaigns use SEO poisoning to deliver their payloads to the systems of targeted victims.

According to the researchers, recent Gootloader and SolarMarker campaigns (distributing the REvil and SolarMarker backdoors, respectively) have increasingly used SEO poisoning to reach their victims.

The attackers inject keywords covering 2,000 unique search topics and terms, such as "professional development evaluation", "sports mental toughness" and "industrial hygiene walk-through", into WordPress-based sites. The malicious pages were then optimised so that Google ranked them for these keywords. As a result, users searching for those terms were presented with results that appeared to be PDFs and urged them to download the document. The redirects that follow also make it harder for the sites to be removed from search results.
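A site owner checking for the kind of injection described above can start with a static scan of the served HTML. The following is an added example, not code from Menlo Labs or TheDigitalHacker: it looks for the two traits the summary describes, keyword-stuffed text hidden from human visitors (inline display:none, visibility:hidden, off-screen positioning or the hidden attribute) and links to PDF documents inside that hidden text. CAMPAIGN_TERMS are the three search terms quoted above; the two sample pages, the 20-word threshold and the path names are constructed for this example.

```python
"""Static check for SEO-poisoning injections in a WordPress page (added example)."""
import re
from html.parser import HTMLParser

# The three search terms quoted in the article; a real scan would use the full list.
CAMPAIGN_TERMS = (
    "professional development evaluation",
    "sports mental toughness",
    "industrial hygiene walk-through",
)

# Inline styles that hide an element from a human visitor but not from a crawler.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)

# Elements that never get a closing tag, so they must not touch the open-element stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class InjectionScanner(HTMLParser):
    """Collects text and PDF links that sit inside hidden subtrees."""

    def __init__(self):
        super().__init__()
        self.hidden_text = []
        self.hidden_pdf_links = []
        self._stack = []        # one bool per open element: did it hide its subtree?
        self._hidden_depth = 0  # > 0 while inside at least one hidden element

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hides = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if tag not in VOID_TAGS:
            self._stack.append(hides)
            if hides:
                self._hidden_depth += 1
        if tag == "a" and self._hidden_depth:
            href = a.get("href", "")
            if href.lower().split("?", 1)[0].endswith(".pdf"):
                self.hidden_pdf_links.append(href)

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or not self._stack:
            return
        if self._stack.pop():
            self._hidden_depth -= 1

    def handle_data(self, data):
        if self._hidden_depth and data.strip():
            self.hidden_text.append(data.strip())


def scan(html, min_hidden_words=20):
    """Return a verdict for one page: hidden word count, hidden PDF links, matched terms."""
    p = InjectionScanner()
    p.feed(html)
    p.close()
    hidden_blob = " ".join(p.hidden_text).lower()
    matched = [t for t in CAMPAIGN_TERMS if t in hidden_blob]
    hidden_words = len(hidden_blob.split())
    suspicious = bool(p.hidden_pdf_links) or bool(matched) or hidden_words >= min_hidden_words
    return {
        "suspicious": suspicious,
        "hidden_words": hidden_words,
        "hidden_pdf_links": p.hidden_pdf_links,
        "matched_terms": matched,
    }


# Constructed sample: a legitimate page with one small, legitimately hidden element.
CLEAN_PAGE = """
<html><body>
<h1>Site safety consulting</h1>
<p>We carry out industrial audits for manufacturing clients.</p>
<a href="/reports/annual-summary.pdf">Annual summary (PDF)</a>
<nav style="display:none">Menu</nav>
</body></html>
"""

# Constructed sample: the same page after an injection of the kind described in the
# article: an off-screen block of search-term links pointing at PDF paths.
INJECTED_PAGE = CLEAN_PAGE.replace("</body>", """
<div style="position:absolute; left:-9999px; top:-9999px">
  <a href="/wp-content/uploads/professional-development-evaluation.pdf">professional development evaluation form</a>
  <a href="/wp-content/uploads/sports-mental-toughness.pdf">sports mental toughness questionnaire</a>
  <a href="/wp-content/uploads/industrial-hygiene-walk-through.pdf">industrial hygiene walk-through checklist</a>
</div>
</body>""")


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, scan(page))
```

The scan only sees what the server returns to the client that fetched it; injected pages are often cloaked, so fetch once with a normal browser User-Agent and once with a crawler User-Agent and scan both responses, since a block that appears only in the crawler's copy is the stronger signal.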

The malicious PDFs were served from a variety of locations, with the United States topping the list, followed by Iran and Turkey. The attackers primarily targeted business websites that host PDFs such as guides and reports. Some well-known education and .gov websites were also found disseminating malicious PDFs.

The attackers in these two campaigns did not create their own malicious sites, but instead compromised WordPress sites that already had high search rankings. The sites appear to have been compromised through a vulnerability, not yet identified, in the Formidable Forms WordPress plugin; the plugin's version 5.0.07 was the one affected;...

Read Full Story: https://thedigitalhacker.com/seo-poisoning-attacks-by-revil-and-solarmarker/