SEO Poisoning Attack Delivers Trojanized IT Tools
Arctic Wolf has reported a new SEO poisoning attack promoting malicious websites that host Trojanized versions of IT tools such as PuTTY and WinSCP.
“These fake sites aim to trick unsuspecting users – often IT professionals – into downloading and executing Trojanized installers. Upon execution, a backdoor known as Oyster/Broomstick is installed,” says Andres Ramos in the company’s security bulletin.
Arctic Wolf recommends blocking the following specific domains to prevent user access and reduce exposure to these Trojanized versions:
- updaterputty[.]com
- zephyrhype[.]com
- putty[.]run
- putty[.]bet
- puttyy[.]org
Learn more at Arctic Wolf.
Related content
- Official ASUS Update Tool Compromised
- Turla Malware Variant Targets Linux
-
Arp Cache Poisoning and Packet Sniffing
Intruders rely on arp cache poisoning to conceal their presence on a local network. We'll show you some of the tools an attacker might use to poison the arp cache and gather information on your network.
-
Halting the ransomware blackmail wave
In the tsunami of ransomware infections this year, the Locky encryption trojan is a high-water mark. With a constant stream of novel attack patterns, this continually evolving pest makes life difficult for IT managers, users, and security vendors. Here's how to protect yourself. - Bad Trojan Threatens Two Thirds of All Android Devices