In recent weeks there has been a noticeable increase in malicious search engine advertisements found in the wild, an attack method known as SEO Poisoning, which can be considered a type of malvertising (malicious advertising). Industry colleagues have also observed this activity, as noted by vx-underground this week. There is an increasing variety in the specifics of the malware delivery method, such as which searches produce the malicious advertisements and which malware is being delivered. In the vast majority of these cases, attackers aim to opportunistically infect unsuspecting users with commodity malware, as we will examine below.

However, it is important to note attackers have used this technique in a variety of ways for years. One noteworthy example is the early 2022 report of BATLOADER and Atera Agent being delivered in such ways. Ultimately, the attackers are most successful in these scenarios when they SEO poison the results of popular downloads associated with organizations that do not have extensive internal brand protection resources.

In this post, we will examine an ongoing SEO Poisoning campaign related to Blender 3D, the open-source 3D graphics software, as an example of how these attacks are used to infect users via web searches.

Mimicking the actions of an unsuspecting user, we performed a routine Google search for “Blender 3D” and examined the ad results presented at the top. Notably, the malicious ads being delivered by this search quickly shift, highlighting how the attackers are likely automating these efforts at scale, including both the SEO poisoning and the creation of malicious domains where they lead. See screenshots others have collected for examples of how these are not single malicious domains but rather a continuous flow of new activity after cleanup.

[Figure: January 18th 2023 SEO Poisoning Results for Blender 3D]

On January 18th we can see three malicious Blender 3D ads before the legitimate domain is listed.

[Figure: Malicious blender-s Website]
[Figure: Legitimate blender Website]

The top results, is a near exact copy of the legitimate Blender domain. The malicious blender-s site contains a download link for “Blender 3.4”; however, the download is delivered through a Dropbox URL rather than, and delivers a blender.zip file.

com/s/pndxrpk8zmwjp3w/blender.zip

Examining the Dropbox share details, we can see the following uploader properties:
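
An added example, not code from the original post: a Python check for the two signals the post describes, an ad landing host that imitates the official domain and an installer link served from a file-sharing host such as Dropbox instead of the vendor's own domain. The .example domains, the share ID and the list of file-sharing hosts are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts treated as third-party file sharing; extend for your environment.
FILE_SHARE_DOMAINS = ("dropbox.com", "dropboxusercontent.com")
INSTALLER_EXTS = (".zip", ".exe", ".msi", ".dmg", ".iso")

class _Links(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def _under(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_landing_page(page_url, html, official_domain):
    """Return (finding, value) tuples for one ad landing page."""
    findings = []
    host = (urlsplit(page_url).hostname or "").lower()
    brand = official_domain.split(".")[0]  # simplification: first label is the brand
    if brand in host and not _under(host, official_domain):
        findings.append(("lookalike_host", host))
    parser = _Links()
    parser.feed(html)
    for href in parser.hrefs:
        target = urlsplit(urljoin(page_url, href))
        t_host = (target.hostname or "").lower()
        if not target.path.lower().endswith(INSTALLER_EXTS):
            continue  # only links that look like a software download
        if any(_under(t_host, d) for d in FILE_SHARE_DOMAINS):
            findings.append(("download_on_file_share", target.geturl()))
        elif not _under(t_host, official_domain):
            findings.append(("download_off_domain", target.geturl()))
    return findings

# Constructed sample pages; the .example domains and share ID are placeholders.
OFFICIAL = "blender.example"
AD_URL = "https://blender-s.example/download/"
AD_HTML = '<a href="/about">About</a><a href="https://www.dropbox.com/s/EXAMPLEID/blender.zip">Download Blender 3.4</a>'
OK_URL = "https://www.blender.example/download/"
OK_HTML = '<a href="/release/blender-3.4.zip">Download Blender 3.4</a>'

if __name__ == "__main__":
    for url, html in ((AD_URL, AD_HTML), (OK_URL, OK_HTML)):
        print(url, audit_landing_page(url, html, OFFICIAL))
```

The brand match is a plain substring test, so it catches hyphenated or suffixed imitations but not misspellings; pair it with an edit-distance check if those matter in your environment.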