October 2025 Infostealer Trend Report - ASEC

A new report by AhnLab SEcurity intelligence Center on Infostealer malware shows that the malware is being distributed using a strategy called SEO poisoning, while other threat actors are using crack disguising techniques.

Pulse ID: 691ef0bc44818adcda7ce0a2
Pulse Link: https://otx.alienvault.com/pulse/691ef0bc44818adcda7ce0a2
Pulse Author: CyberHunter_NL
Created: 2025-11-20 10:43:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ASEC #AhnLab #CyberSecurity #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #RAT #SEOPoisoning #bot #CyberHunter_NL

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

WEBJACK: Evolving IIS Hijacking Campaign Abuses SEO for Fraud and Monetization

A malware campaign called WEBJACK is compromising Microsoft IIS servers to deploy BadIIS malware modules for SEO poisoning and fraud. The attackers hijack high-profile targets, including government and educational institutions, to redirect users to gambling websites. The campaign uses various tools from the Chinese cybercriminal ecosystem, suggesting a Chinese-speaking threat actor. The malicious IIS modules selectively serve content to search engine crawlers while redirecting or blocking ordinary visitors. The operation spans multiple countries, primarily in Southeast Asia and Latin America, with a focus on Vietnamese-language targeting. The campaign demonstrates the evolving nature of IIS hijacking and the growing trend of leveraging legitimate security tools for malicious purposes.

Pulse ID: 691d87825037189199f53698
Pulse Link: https://otx.alienvault.com/pulse/691d87825037189199f53698
Pulse Author: AlienVault
Created: 2025-11-19 09:01:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #Chinese #CyberSecurity #Education #Government #InfoSec #LatinAmerica #Malware #Microsoft #OTX #OpenThreatExchange #RAT #SEOPoisoning #Vietnam #bot #AlienVault

Attackers are turning Google results into malware delivery systems, using fake software installers and sponsored ads to plant backdoors inside organizations. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin unpack the latest SEO poisoning and malvertising research and share actionable defenses.

From ad blocking to safer browsing habits, learn how to protect your team from the poisoned web. Listen to the podcast: https://www.chatcyberside.com/e/search-results-are-the-new-phish-inside-seo-poisoning-attacks/

Watch the video: https://youtu.be/xKKA1ikoZ-4

#SEOpoisoning #Malvertising #Cybersecurity #Software #Advertising #Phishing #PoisonedWeb

🛡️ Microsoft revokes 200+ fraudulent certificates linked to Vanilla Tempest’s Rhysida ransomware campaign. The attacker used fake Teams installers and SEO-poisoned domains to deploy malware.

💬 How are your organizations defending against trojanized software campaigns? Comment your strategies & follow TechNadu for verified cybersecurity intelligence.

#Rhysida #Ransomware #CyberSecurity #InfoSec #ThreatIntel #Malware #VanillaTempest #OysterBackdoor #SEOpoisoning #TechNadu

A quick download risks more than just lost time—a fake Microsoft Teams installer can be a hacker’s gateway. Cyber crooks are using deceptive ads and SEO tricks to sneak malware onto your device. Are you sure you're downloading from a safe source?

https://thedefendopsdiaries.com/how-fake-microsoft-teams-installers-spread-malware-what-you-need-to-know-about-malvertising-and-seo-poisoning/

#malvertising
#seopoisoning
#microsoftteams
#oystermalware
#cybersecurityawareness

🚨 SEO POISONING MALWARE ALERT - Enterprise users at risk via Google search

CORTEX Intelligence: Sophisticated campaigns funnel users to Vidar & RedLine infostealers through poisoned search results. Enhanced browsing defenses now critical.

#CyberSecurity #ThreatIntel #SEOPoisoning

SEO poisoning + GitHub Pages hosting are delivering HiddenGh0st, Winos & kkRAT installers that evade AV (BYOVD), hijack clipboard addresses, and load modular RAT plugins.

Recommended: block disposable TLDs, enforce installer allowlists, monitor startup shortcuts/TypeLib changes, and flag unusual scheduled tasks/process renames. Discuss your mitigations — follow @technadu.

#InfoSec #Malware #ThreatIntel #RAT #SEOpoisoning #GitHubSecurity

🚨 SEO poisoning alert! Watch what you download as #Windows users are being targeted with fake search results that lead to installers containing Hiddengh0st and Winos malware

Read: https://hackread.com/seo-poisoning-attack-windows-hiddengh0st-winos-malware/

#Cybersecurity #Malware #Hiddengh0st #Winos #SEOpoisoning

SEO Poisoning Attack Hits Windows Users With Hiddengh0st and Winos Malware

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Oyster Backdoor Disguised as PuTTY and KeyPass Targets IT Admins via SEO Poisoning

Threat actors have been using trojanized versions of well-known IT tools like PuTTY and WinSCP to spread the Oyster backdoor.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Cybercriminals are abusing #Google's search rankings using a black market service called #Hacklink, facilitating much more than #SEOPoisoning.

Read: https://hackread.com/hacklink-market-seo-poisoning-attacks-google-results/

#CyberSecurity #CyberCrime #Scam #Fraud

Hacklink Market Linked to SEO Poisoning Attacks in Google Results
