
Hackers Revive SEO Poisoning

July 10, 2025

Cybersecurity researchers at Arctic Wolf have uncovered a sophisticated malicious campaign employing SEO-optimized fake landing pages to deploy a potent malware loader known as Oyster, also referred to as Broomstick or CleanUpLoader. Threat actors meticulously crafted numerous landing pages that are nearly identical in appearance to the legitimate websites for PuTTY and WinSCP, two widely used Windows tools for secure remote server connections. This deceptive strategy targets professionals in IT, cybersecurity, and web development who commonly search for these tools on Google, luring them into downloading malicious software from seemingly trustworthy sources.

The effectiveness of this campaign lies in its subtlety.

When a user lands on one of these fake pages, nothing immediately raises suspicion, and the downloaded tool functions as expected. However, unbeknownst to the user, this process also delivers the Oyster malware. Upon execution, Oyster installs a persistent backdoor, establishing a scheduled task that runs every three minutes and executes a malicious DLL (twain_96.dll) to maintain its presence on the compromised system. This clever persistence mechanism ensures that the malware remains active and difficult to remove.
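The persistence pattern described above, a scheduled task that repeats every three minutes and loads a DLL, can be hunted in exported Task Scheduler XML definitions. The sketch below is an added example, not code from Arctic Wolf or the original article; the five-minute threshold, the use of rundll32.exe in the samples, and the sample paths and export names are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
KNOWN_DLL = "twain_96.dll"   # DLL name reported in the article
MAX_INTERVAL_S = 300         # assumption: repetition of 5 minutes or less is worth a look
_DUR = re.compile(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")
_DLL = re.compile(r"[^\\/\s\"',]+\.dll", re.I)

def duration_seconds(text):
    """Convert an ISO 8601 duration (PT3M, PT180S, P1D) to seconds; None if unparsable."""
    m = _DUR.match((text or "").strip().upper())
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def assess_task(xml_text):
    """Return (reason, dll, interval_seconds) findings for one exported task definition."""
    root = ET.fromstring(xml_text)
    secs = [duration_seconds(e.text) for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    shortest = min((s for s in secs if s is not None), default=None)
    findings = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        cmdline = ex.findtext("t:Command", "", NS) + " " + ex.findtext("t:Arguments", "", NS)
        for dll in _DLL.findall(cmdline):
            if dll.lower() == KNOWN_DLL:
                findings.append(("known-dll-name", dll, shortest))
            elif shortest is not None and shortest <= MAX_INTERVAL_S:
                findings.append(("dll-on-short-interval", dll, shortest))
    return findings

def sample_task(interval, command, arguments):
    """Build a constructed task definition in the Task Scheduler XML schema."""
    return (f'<Task xmlns="{NS["t"]}"><Triggers><TimeTrigger><Repetition>'
            f"<Interval>{interval}</Interval></Repetition></TimeTrigger></Triggers>"
            f"<Actions><Exec><Command>{command}</Command><Arguments>{arguments}</Arguments>"
            "</Exec></Actions></Task>")

# Constructed samples; paths and export names are placeholders, not values from the report.
SAMPLES = {
    "reported-pattern": sample_task("PT3M", "rundll32.exe", r"C:\Users\Public\twain_96.dll,Entry"),
    "renamed-dll": sample_task("PT180S", "rundll32.exe", r"C:\ProgramData\x.dll,Entry"),
    "hourly-exe": sample_task("PT1H", r"C:\Program Files\App\updater.exe", "/silent"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, assess_task(xml_text))
```

The second rule matters because a file name is trivial to change: a renamed DLL on the same short repetition interval is still flagged, while an hourly updater that launches an executable is not.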

Oyster itself is a stealthy malware loader designed to deliver additional malicious payloads onto infected Windows systems, often as part of more complex multi-stage attacks. It employs various evasion techniques, including process injection, string obfuscation, and command-and-control communication via HTTPS, all aimed at eluding detection by security software. Its primary function is to serve as a gateway for further malicious activities, allowing the attackers to deploy other malware or gain deeper access to the compromised system.

Arctic Wolf identified several fake website domains used in these attacks, including updaterputty[.]com, zephyrhype[.]com, putty[.]run, putty[.]bet, and puttyy[.]org. While the observed campaign primarily involved Trojanized versions of PuTTY and WinSCP, Arctic Wolf cautions that other popular software tools might also be exploited in a similar manner. This suggests a broader strategy by the threat actors to target a wider range of commonly used applications.

Given the deceptive nature of this campaign, IT professionals are strongly advised to exercise extreme caution when downloading software.

The best practice is to always obtain software directly from trusted and official sources, rather than relying on search engine results and clicking the top links. Manually typing in the official website address is a crucial step in mitigating the risk of falling victim to such SEO poisoning and software spoofing attacks.

Reference:

  • Hackers Resurface with SEO Poisoning and Software Spoofing Tactics, Posing New Threats