SEO Poisoning and false Google ads: the new malware worries experts

In the last few days, thanks to the work of Securonix Threat Research, it was possible to identify a new and fearsome malware capable of exploiting some refined strategies to spread online.

We are talking about SEO#LURKER, malware that is promoted through techniques such as SEO poisoning and fake ads on Google. The campaign apparently lures potential victims by offering legitimate software, namely WinSCP, into which the cybercriminals incorporate the malicious agent.

By placing their sites at the top of Google's SERP, both through advertising and through organic positioning, it is easy for cybercriminals to convince users to download the aforementioned program.

WinSCP is quite popular software that allows SSH/SCP connections and that, over the years, has gathered a rather large user base. It is precisely this large number of people that, apparently, attracted unwelcome attention.

SEO#LURKER, the new malware that exploits SEO Poisoning and malvertising to spread online

On the other hand, it should be taken into account that WinSCP has already been the victim of similar operations. Not long ago, in fact, a ransomware campaign exploited this application to spread online.

Beyond SEO#LURKER, what is worrying is the increasingly frequent application of advanced techniques to spread malware. Malvertising and SEO poisoning, in fact, are increasingly popular among cybercriminals. By combining these strategies with keywords that are particularly sought after on search engines, the potential of these campaigns can be nothing short of devastating.

To make their campaign even more effective, the authors purchased domains similar to the original one linked to the program, i.e. winscp.net. In reality, when a user clicks on the link proposed by Google, they are directed to a malicious site. There, a zip archive is offered that contains the modified version of the legitimate software.

Avoiding this type of threat is not easy. In addition to the adoption of adequate protections, with antivirus and similar tools, it is always a good idea to carefully check the URL of a site before downloading the desired app.
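
The URL check recommended above can be partly automated. The following is an added example, not code from the article or from Securonix: a heuristic that compares a download link's host with winscp.net. The function names, the edit-distance threshold and the sample URLs are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

OFFICIAL = "winscp.net"  # the legitimate domain named in the article

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, official=OFFICIAL):
    """Return 'official', 'lookalike' or 'unrelated' for the host in a download URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if host == official or host.endswith("." + official):
        return "official"
    if official in (parts.username or ""):
        return "lookalike"  # brand placed before '@' so the real host is overlooked
    if "xn--" in host:  # turn punycode labels back into the characters they encode
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    # Fold accented homoglyphs to ASCII (n with acute -> n) before comparing.
    folded = unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()
    brand = official.split(".")[0]
    for label in folded.split("."):
        squeezed = label.replace("-", "")
        # Assumed threshold: brand embedded in a label, or within two edits of it.
        if brand in squeezed or edit_distance(squeezed, brand) <= 2:
            return "lookalike"
    return "unrelated"

# Constructed sample URLs on reserved or made-up names, not real campaign domains.
SAMPLES = [
    "https://winscp.net/download",
    "https://winsccp.example/WinSCP.zip",
    "https://winscp.net.downloads.example/setup",
    "https://winscp.net@downloads.example/WinSCP.zip",
    "https://wi\u0144scp.net/download",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

A "lookalike" verdict means the link deserves a second look before anything is downloaded; the heuristic does not replace checking the address bar or typing the official domain directly.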
