Millions duped in poisoned Google Image attack
Trend Micro finds a well-crafted poisoned SEO campaign has seen millions of users visit malicious pages.


A poisoned search engine optimisation (SEO) campaign has duped over 100 million web users into visiting malicious web pages, a security firm has warned.
The campaign, run by a well-known blackhat SEO operator, has used Google image search to redirect users to fake anti-virus downloads in a bid to compromise users' systems.
"In just one month, this campaign was able to redirect nearly 300 million hits from 113 million visitors to the malicious landing pages," Trend Micro explained in a blog post.
"In addition to generating pages full of bad links and keywords to boost search engine results ranking, the operator also embedded images taken from legitimate sites so its pages can get a high Google Image Search index."
To date, Trend Micro said it had identified 4,586 compromised servers connecting to the blackhat SEO command server.
Using these servers, the hackers have implanted two kinds of pages inside various websites, one being a standard fake anti-virus scanning page, the other a Traffic Direction System (TDS) page.
"TDS pages are used as landing pages to direct traffic to malicious content based on a variety of criteria such as OS, browser version, and geographic location," the security firm explained.
"This particular campaign uses the well-known SUTRA TDS to redirect users to [fake anti-virus] landing pages or to pages that host the Black Hole Exploit pack."
In the past 30 days, that TDS redirected 220,175,652 hits from 82,568,468 visitors.
This campaign targeted Mac users in particular by using landing pages designed to imitate the appearance of the Mac OS.
"This campaign again demonstrates how effective blackhat SEO techniques are in driving traffic to malicious websites," Trend Micro added.
"Despite low conversion rates in terms of exploitation and [fake anti-virus] downloads or purchases, this operation is still likely generating a considerable amount of money for its operators."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.