Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Threat actors are exploiting the popularity of AI tools by using Black Hat SEO techniques to poison search engine rankings for AI-related keywords. These malicious websites redirect users through multiple layers to deliver malware such as Vidar, Lumma, and Legion Loader. The attackers employ sophisticated JavaScript to collect browser data, perform fingerprinting, and evade detection. The malware payloads are often packaged in large installer files to bypass sandboxes. The campaign uses trusted platforms like WordPress and AWS CloudFront to appear legitimate. Victims are lured through high-ranking search results for AI topics, leading to infection chains involving stealer malware and cryptocurrency-stealing browser extensions.
OPENCTI LABELS:
lumma, vidar, legion loader, stealer malware, search engine poisoning, browser fingerprinting