Ransomware Gangs Use SEO Poisoning To Infect Visitors
https://www.bleepingcomputer.comResearchers have spotted two campaigns linked to either the REvil ransomware gang or the SolarMarker backdoor that use SEO poisoning to serve payloads to targets.
SEO poisoning, also known as “search poisoning,” is an attack method that relies on optimizing websites using ‘black hat’ SEO techniques to rank higher in Google search results. The optimized sites appear in search results as PDFs that, when visited, prompt a user to download the document, when they click on the download button, the users are redirected through a series of sites that ultimately drop a malicious payload.
The attackers heavily targeted sites in the business category, likely because they commonly host PDFs in the form of guides and reports.