A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. These campaigns rely on the compromise of legitimate websites to plant malicious files or URLs that redirect users to sites that host malware disguised as popular apps.
Upon downloading and executing the software installers, the victims unknowingly infect themselves with malware and remote access software.
Poisoning search results
As part of this campaign, the threat actors use search engine optimization (SEO) techniques to get compromised legitimate sites into search results for popular applications.
The targeted keywords are for popular applications like Zoom, Microsoft Visual Studio 2015, TeamViewer, and others.