SEO poisoning
-
Iran-linked hackers use new MiniFast backdoor in campaign across U.S., Europe and Middle East
Iran-linked hackers used a new MiniFast backdoor in a campaign targeting aviation and software sectors across several regions, according to a technical analysis. The activity also involved fake job lures, trojanized installers and search engine poisoning.
-
Storm-2561 uses SEO poisoning to deliver trojan VPN clients that steal credentials
Microsoft disclosed a credential theft campaign that used SEO poisoning to deliver digitally signed trojan VPN clients that harvest credentials. The activity was observed in mid-January 2026 and is linked to Storm-2561.
-
Black Cat uses SEO poisoning to distribute backdoor, compromises about 277,800 hosts in China
A CNCERT/CC and ThreatBook technical analysis links the Black Cat gang to an SEO poisoning campaign that pushed fake software downloads and implanted a backdoor, compromising about 277,800 hosts in China between December 7 and 20, 2025.
-
Silver Fox uses fake Microsoft Teams installers in false-flag ValleyRAT campaign
Security researchers report that the Silver Fox group has run an SEO poisoning campaign since November 2025 that uses fake Microsoft Teams installers to deliver ValleyRAT to organisations in China; technical analysis from ReliaQuest and Nextron Systems details layered infection chains, false-flag indicators and the use of vulnerable drivers.
-
FBI says cybercriminals stole $262 million in account-takeover schemes since January
The FBI said cybercriminals impersonating banks have stolen more than $262 million in account-takeover attacks since January, with the IC3 receiving over 5,100 complaints; attackers use phishing, social engineering and fraudulent websites to capture credentials and move funds to cryptocurrency wallets.
-
Acronis warns of ongoing ‘TamperedChef’ malvertising campaign using signed fake installers
Acronis Threat Research Unit says operators are using signed counterfeit installers in a global malvertising campaign dubbed TamperedChef to deploy a JavaScript backdoor, with infections concentrated in the U.S. and several industries affected; some variants have been used for advertising fraud while broader motives remain unclear.
-
Microsoft revokes more than 200 certificates used in fake Teams ransomware campaign
Microsoft said it revoked over 200 code signing certificates used by a group tracked as Vanilla Tempest to sign fake Microsoft Teams installers that delivered the Oyster backdoor and Rhysida ransomware; the company said it detected the activity in late September 2025 and has updated protections to flag the malicious signatures.
-
Fake Microsoft Teams installers promoted in search ads deliver Oyster backdoor, researchers say
Search ads and SEO poisoning have been used to promote fake Microsoft Teams installers that deliver the Oyster backdoor to Windows machines, researchers said; the trojanized installer drops a DLL and creates a scheduled task for persistence.
-
SEO-poisoning BadIIS malware tied to Operation Rewrite targets East and Southeast Asia, researchers say
Security researchers say a Chinese-speaking actor is using the BadIIS malware in an Operation Rewrite SEO-poisoning campaign to hijack search results via a compromised IIS proxy, targeting East and Southeast Asia with Vietnam as a focus.
-
Cybercriminals Exploit Pope Francis’s Death to Launch Phishing Campaigns
In the aftermath of Pope Francis’s death, cybercriminals have seized the opportunity to exploit public interest through a range of phishing and scam campaigns. Experts caution users to remain vigilant and utilize security measures to protect against these malicious threats.
