Cyber Security News

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious e-commerce websites, leveraging multiple SEO malware families to achieve their goal.

Three distinct threat actor groups were identified, each employing a unique malware family, with one group utilizing multiple families. One malware family’s C&C servers shared limited e-commerce site sets, differentiating it from others with independent lists. 

The proliferation of fraudulent e-commerce sites, particularly in Japan, poses a growing threat, as sites designed to deceive and exploit users have seen a significant surge in 2023, leading to increased financial losses and compromised personal information.

Threat actors deploy SEO malware on compromised websites to manipulate search engine rankings by injecting malicious code into legitimate sites, redirecting unsuspecting users to fraudulent e-commerce platforms for potential financial gain. 

When websites are compromised, these search engine optimization malwares are installed on those websites in order to intercept web server requests and return malicious content. 

By doing so, threat actors can send a crafted sitemap to search engines and index-generated lure pages, which contaminates the search results, making the URLs of compromised websites appear in searches for product names they do not actually handle.

Entity connections to create a Maltego graph for link analysis

SEO malware exploits search engine rankings by manipulating search results and redirects users to malicious websites, often disguised as legitimate e-commerce sites, through techniques like the Japanese keyword hack.

The study analyzed 227,828 fake e-commerce sites linked to six SEO malware families, collected from 1,242 C&C servers, and to mitigate this blackhat SEO threat, the researchers enhanced their Web Reputation System (WRS) to block these malicious sites. 

Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)

Using Maltego, Trend Micro analyzed the relationships between different threat actors and malware families by identifying four link types to construct a Maltego graph, revealing a potential scenario where three distinct threat actor groups employ unique malware families, while one group leverages multiple malware families.

Maltego graph within the dataset of the groups (red circles) and subgroups (blue circles).

It revealed that malware variants A, C, D, E, and F operated independently, each managing its own set of fake shopping sites on separate C&C servers, while malware B utilized shared lists of large-scale fake shopping sites across multiple C&C servers. 

E-commerce users should be vigilant against fraudulent shopping sites by scrutinizing URLs for uncommon domains and flagging suspiciously low prices compared to market norms.

Discount marketplaces and niche e-commerce platforms are selling a diverse range of products, including counterfeits of major brands, often bypassing traditional retail channels and leveraging less-known online platforms to reach consumers.

Specialty stores misrepresenting their product range and providing inaccurate company information, potentially engaging in deceptive business practices.

Analyze Unlimited Phishing & Malware with ANY.RUN For Free - 14 Days Free Trial.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

The Rise of AI-Generated Professional Headshots

It’s clear that a person’s reputation is increasingly influenced by their online presence, which spans…

7 hours ago

Hackers Abuse Google Ads To Attacking Graphic Design Professionals

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as…

10 hours ago

Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel…

10 hours ago

Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source…

10 hours ago

Hackers Weaponizing Microsoft Teams to Gain Remote Access

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to…

11 hours ago

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second,…

2 days ago