Threat actors utilise SEO poisoning campaigns to distribute malware

February 22, 2022
Tags: Threat Actors, SEO Poisoning Campaigns, Malware, Atera Agent, Batloader, Search Engines

An SEO poisoning attack has been seen distributing the Atera Agent and Batloader malware. The threat actors behind it target professionals looking for productivity tools such as TeamViewer, Visual Studio, and Zoom.

Experts stated that the threat actors use SEO techniques to poison Google search results, getting fake sites ranked for the most searched keywords. In this campaign the threat actors target MS Visual Studio, TeamViewer, and Zoom, since these are among the most used and most searched applications during the pandemic.

Once a visitor opens the malicious search result, a Traffic Direction System (TDS) redirects them to a compromised site the threat actors have prepared in advance.

After the target lands on the compromised site, it displays a fake forum discussion and asks the visitor for a username to join. If the victim supplies one, a fake user then offers a download link for the file they were looking for.

Clicking the download link delivers a malware installer packaged under the name of the wanted application. Unfortunately, individuals fall for these lures because, in most cases, the packaged software really is the genuine application.


If the installer downloaded from the SEO poisoning attack is run, one of two infection chains deploys malware payloads on the victim's system.


The first infection chain installs the fake software bundled with Ursnif, Batloader, and Atera Agent. The second chain installs the Atera Agent malware alone, without the other malware loading steps.

Moreover, the first infection chain used mshta.exe to run a genuine Windows DLL bundled with malicious VBScript that tampers with Windows Defender settings and adds specific exclusions.
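Two of the behaviours just described, mshta.exe launching a script and Defender exclusions being added, are things a defender can look for in endpoint telemetry. The script below is an added example written for this article, not code from the article or from any of the vendors it mentions: it runs two simple detection rules over constructed sample records. The record layout (a process-creation line and the text of a Windows Defender "configuration changed" event, which is Event ID 5007 in the Defender operational log) is an assumption chosen for the demo, so the regular expressions will need adjusting to whatever format a real collector emits.

```python
"""Flag mshta.exe script launches and Windows Defender exclusion additions
in sample telemetry (added example; formats below are assumptions)."""
import re
from dataclasses import dataclass

# Constructed sample records, not taken from the article. The ProcessCreate
# lines mimic a process-creation event; the DefenderEvent lines mimic the
# message text of Windows Defender Event ID 5007 (configuration changed).
SAMPLE_LOGS = [
    'ProcessCreate Image=C:\\Windows\\System32\\notepad.exe '
    'CommandLine="notepad.exe C:\\Users\\jdoe\\notes.txt"',
    'ProcessCreate Image=C:\\Windows\\System32\\mshta.exe '
    'CommandLine="mshta.exe C:\\Users\\jdoe\\AppData\\Local\\Temp\\installer.hta"',
    'DefenderEvent ID=5007 Text="Windows Defender Antivirus Configuration has changed. '
    'New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\'
    'C:\\Users\\jdoe\\AppData\\Local\\Temp = 0x0"',
    'DefenderEvent ID=5007 Text="Windows Defender Antivirus Configuration has changed. '
    'New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\SpyNet\\SpyNetReporting = 0x2"',
    'DefenderEvent ID=5007 Text="Windows Defender Antivirus Configuration has changed. '
    'New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Processes\\'
    'updater.exe = 0x0"',
]


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # the command line or the excluded path/process


# Rule 1: mshta.exe whose command line points at a script file or at a
# user-writable directory (the article's chain runs VBScript via mshta).
_MSHTA_RE = re.compile(
    r'Image=\S*\\mshta\.exe\s+CommandLine="(?P<cmd>[^"]*)"', re.I)
_SCRIPTY_RE = re.compile(
    r'\.(hta|vbs|vbe|js|jse|wsf)\b|\\AppData\\|\\Temp\\|\\Downloads\\', re.I)

# Rule 2: a 5007 event whose new value sits under the Exclusions key.
# Only Paths, Processes and Extensions sub-keys are considered; other
# configuration changes (e.g. SpyNet reporting) are ignored.
_EXCL_RE = re.compile(
    r'ID=5007 .*New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\'
    r'(?P<kind>Paths|Processes|Extensions)\\(?P<target>[^=]+?)\s*=\s*0x0', re.I)


def analyze(lines):
    """Return a Finding for every sample line that matches one of the rules."""
    findings = []
    for line in lines:
        m = _MSHTA_RE.search(line)
        if m and _SCRIPTY_RE.search(m.group('cmd')):
            findings.append(Finding('mshta_script_launch', m.group('cmd')))
            continue
        m = _EXCL_RE.search(line)
        if m:
            findings.append(Finding(
                f"defender_exclusion_{m.group('kind').lower()}", m.group('target')))
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOGS):
        print(f'{f.rule:30s} {f.detail}')
```

Run on the constructed sample it reports the mshta launch of the `.hta` file and the two exclusion additions (a path and a process), and stays quiet on the notepad launch and the unrelated SpyNet setting change. Administrators do add exclusions legitimately, so in practice an exclusion finding is worth correlating with the process that made the change; a 5007 event that follows an mshta.exe or script-host launch within a short window is the pattern this article's chain would produce.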

This SEO poisoning campaign is an indirect sign of the demand for data belonging to professionals. Experts advise everyone that downloading useful and productivity apps from unknown sources or third-party websites is never a good idea, since threat actors will always exploit such download sources.

Instead, it is still safer to download apps from official stores to avoid getting infected by malware.
