Hackers are using Google search results to spread banking Trojan

  • 263
  •  
  •  
  • 1
  •  
  •  
  •  
    264
    Shares

Cybercriminals decided to use the Search Engine Optimization (SEO) to make their malicious links more widespread in the search results, allowing them to gain more victims with the Zeus Panda banking Trojan.

This Zeus Panda group determined to use a group of hacked websites to insert keywords in new pages or hide the keywords inside existing pages.

SEO-malvertising Zeus Panda distribution campaign has been discovered by Cisco Talos, the company also released a report with technical details about the distribution campaign.

According to Cisco Talos:
“The overall configuration and operation of the infrastructure used to distribute this malware was interesting as it did not rely on distribution methods that Talos regularly sees being used for the distribution of malware,”

The attackers are using compromised business websites that have earned ratings and reviews, they could make the results appear more legitimate to users (victims), as can be seen by the star/rating presented beside the results in the search engine result pages.

Victims clicking on these links in the results would arrive on the compromised website, then a malicious JavaScript code would execute in the background and forwarded the victim through a list of websites until he reached a website that offers a Microsoft Word document for download.

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!