Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Use SEO to bring Google search results to bank trojans
When you think you know all the tricks, malware teachers always have new tricks that surprise you.
A group has released the banking Zeus Panda trojans since June this year. But instead of using traditional malicious spam and advertising techniques, the group has a new, unprecedented way of distributing trojan banking ever.
Black hat SEO?
Zeus Panda group used the network to hack the website, carefully insert a key into the new page or hide the key inside the existing page. They use Google SERP (Search Engine Results Page) to rank hacked pages at the top of the search results page for certain queries, related to banks and Personal Finance.
For example, when a person searches for 'Al Rajhi bank's working hours during Ramadan', the resulting infected links will appear on top of Google's search results page.
Use SEO to bring Google search results to bank trojans Picture 1
Taking advantage of Google's SERP to bring users to the infected page
Users who click on these links will be redirected to the hacked page, thereby executing malicious JavaScript code in the background and moving the user to a series of pages until downloading a Word file.
Combine spam SEO and malicious advertising
Date-redirected URL strings are used for malicious ad campaigns, taking users from maliciously advertised pages to phishing tools, phishing technical support or counterfeit software updates.
Basically, Zeus Panda incorporates SEO spam botnet (including hacked key pages to increase the SEO reputation of other sites) with a unique ad-redirect chain - familiar exploit tool.
The Word file that users download will be similar to what you get through spam emails. The difference is just how it gets into your computer.
New version of the bank Zeus Panda trojan
This Word file will be based on users turning on the executable macro, starting a script sequence to install a new variant of the Zeus Panda banking trojan, analyzed by G Data here.https://cyber.wtf/2017/08/03/zeus-panda-down-to-the-roots/
Cisco Talos - who discovered the Zeus Panda banking distribution campaign via malicious advertising with this SEO - also released a detailed report, including Google queries that infected pages will display and inform. Add more about the new variant of Zeus Panda.http://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html
See also: 10 most effective antivirus software for Windows 2017
Kareem WintersYou should read it
- Destroy ZeuS, the 'lord' of banking trojans
- New bank trojan detection on Android Red Alert
- Stolen bank account with Trojan Banking
- Detected 4 banking trojans in 11 apps on Google Play Store
- Trojan inserts ads into OS X browser
- Sophisticated spam Trojan unmatched
- Microsoft warned the Emotet trojan back on a large scale, stealing the victim's banking information
- How to 'defend' Zeus trojan
- Azorult Trojan steals user passwords while running in the background like Google Update
- What is a Trojan? How to avoid trojan attack?
- Smartphone was attacked by ZeuS Trojan virus
- LokiBot - bank trojan on Android turns into ransomware when you try to delete it
Maybe you are interested
Instructions for creating short videos using AI on ClipPanda
Warning: Panda Stealer malware is stealing your cryptocurrency
How to play Baby Panda: Take care of animals, game of BabyBus
Giant pandas in Hong Kong zoo finally mate after nine years of trying, bringing hope to a threatened species
How to Draw a Panda Using Microsoft Paint
How to import Excel data into Python scripts with Pandas
Attack the network
TorMoil vulnerability reveals true IP from Tor Browser- GIBON extortion code spread through spam
- Tor Project increases users' security and privacy with the new Onion generation
- Easily bypass the iPhone's authenticity thanks to the vulnerability on iOS 11
- 25% of the 1.9 billion passwords and usernames bought on the black market are Google accounts
- VNCERT issued an emergency alert warning malicious code exploiting Coinhive virtual money
TorMoil vulnerability reveals true IP from Tor Browser
GIBON extortion code spread through spam
Tor Project increases users' security and privacy with the new Onion generation
Easily bypass the iPhone's authenticity thanks to the vulnerability on iOS 11
25% of the 1.9 billion passwords and usernames bought on the black market are Google accounts
VNCERT issued an emergency alert warning malicious code exploiting Coinhive virtual money