Cybercriminals are running a new malicious SEO campaign. The goal of the campaign is to distribute the Batloader and Atera Agent malware to the systems of targeted professionals who are looking for downloads of productivity tools such as Zoom, TeamViewer, and Visual Studio.

These campaigns are based on compromising legitimate websites to plant malicious files or URLs. The URLs redirect users to sites that host malware disguised as popular apps.

As part of this campaign, cybercriminals use search engine optimization (SEO) techniques so that the compromised sites appear as legitimate results in searches for popular apps.

When a user clicks the search engine link, they are taken to the compromised site, which includes a Traffic Direction System (TDS). A TDS is a script that checks various characteristics of a visitor and uses that information to decide whether to show them the legitimate web page or redirect them to another malicious site under the attacker’s control.

If a visitor is redirected, the malicious site displays a fake forum discussion. In the discussion, one user asks how to get a particular app and another fake user provides a download link.

Of course, this is a hoax: if you click the link, the site creates a bundled malware installer with the name of the desired application. Because the malware bundles include legitimate software, many users do not realize that they have also been infected with malware, which is why it is never recommended to open, let alone download from, suspicious links.
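The chain described above (search result, compromised site, redirect, installer named after the desired app) can be hunted for in web proxy logs. The following is an added example, not code from the campaign reporting; the log format, the sample hosts, the search engine list and the vendor allowlist are all assumptions to adapt to your environment.

```python
from urllib.parse import urlsplit

# Assumption: official download hosts per product; adjust to your environment.
VENDOR_HOSTS = {"zoom": {"zoom.us"}, "teamviewer": {"teamviewer.com"},
                "visualstudio": {"visualstudio.microsoft.com"}}
SEARCH_ENGINES = {"www.google.com", "www.bing.com", "duckduckgo.com"}
INSTALLER_EXT = (".exe", ".msi")

# Constructed proxy log, one request per line: client url referer ("-" = none).
SAMPLE_LOG = """\
10.0.0.5 https://blog.example.org/free-zoom-download https://www.google.com/
10.0.0.5 https://forum.example.net/thread/123 https://blog.example.org/free-zoom-download
10.0.0.5 https://forum.example.net/dl/Zoom.msi https://forum.example.net/thread/123
10.0.0.9 https://zoom.us/client/latest/ZoomInstaller.exe https://zoom.us/download
10.0.0.7 https://files.example.com/TeamViewer_Setup.exe -
"""

def is_vendor_host(host, product):
    return any(host == h or host.endswith("." + h) for h in VENDOR_HOSTS[product])

def find_suspicious_downloads(log_text, max_hops=5):
    """Return (client, product, [hosts from first click to download]) tuples."""
    referer_of, findings = {}, []
    for line in log_text.splitlines():
        client, url, referer = line.split()
        referer_of[(client, url)] = referer
        parts = urlsplit(url)
        name = parts.path.rsplit("/", 1)[-1].lower()
        if not name.endswith(INSTALLER_EXT):
            continue
        # Installer named after a known product but served by a non-vendor host?
        flat = "".join(c for c in name if c.isalnum())
        product = next((p for p in VENDOR_HOSTS if p in flat), None)
        if product is None or is_vendor_host(parts.hostname, product):
            continue
        # Walk the referer chain back; report only if it starts at a search engine.
        chain, cur = [parts.hostname], referer
        for _ in range(max_hops):
            if cur == "-":
                break
            host = urlsplit(cur).hostname
            if host in SEARCH_ENGINES:
                findings.append((client, product, chain[::-1]))
                break
            if host != chain[-1]:
                chain.append(host)
            cur = referer_of.get((client, cur), "-")
    return findings
```

On the constructed log this reports only the first client, whose Zoom-named installer came from a non-vendor host at the end of a search-originated redirect chain. The TeamViewer-named download with no referer is not reported by this rule and would need a separate, lower-confidence check.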

