Google is warning Internet users. Google search results are currently being invaded by malicious websites promoting fraudulent VPN tools. To trap users, cybercriminals have developed sites that offer to download popular VPNs, such as LetsVPN.
Playfulghost malware
Unfortunately, these sites allow you to download malicious iterations of VPNs. In the code of these fake versions, hackers have indeed slipped a dangerous malware, called Playfulghost.
Once deployed on its targets' computers, the virus will take complete control of it. As Google researchers explain, Playfulghost has a control module similar to that of Gh0st RAT (Remote Access Terminal), a malware used to control a machine remotely in operation since 2008. Google describes the virus as a "backdoor that shares features with Gh0st RAT". Playfulghost is also a variant born from the provision of the Gh0st RAT source code by its creators.
With the control module, hackers can notably open, delete and create new files on the machine. Worse, the virus can take screenshots or audio of everything that happens on the PC. Finally, the malware contains a keylogger, a tool that can record everything a user types on their keyboard. It is used to steal personal and sensitive data, such as passwords and identifiers. In other words, Playfulghost is a serious threat to the privacy and confidentiality of Internet users.
The Danger of SEO Poisoning
To ensure that their sites appear high in Google results, cybercriminals rely on a tactic called "SEO poisoning". This malicious strategy, increasingly used by criminals, aims to manipulate search engines to propel malicious websites to the top of the results. Cybercriminals exploit classic SEO (Search Engine Optimization) methods, such as integrating targeted keywords into the algorithms and positioning their fake sites among the first on Google.
This strategy is formidable. In general, Internet users do not trust sites that appear at the top of a search engine results. They assume that the sites highlighted must necessarily be reliable. This is not the case. This is not the first time that the Google search engine has been tricked by hackers. Last year, hackers already used SEO to display ads for fake VPN sites on Google. Again, these sites were used to spread viruses.
According to Google's investigations, the Playfulghost malware also spreads through phishing emails. In these cases, hackers sometimes hide the virus in jpg images, which helps to evade detection.
Source: Google
0 Comments