
Malware Infections Surge from Fake VPN Downloads

 


An attacker is reportedly distributing malware through trojanized copies of popular VPN applications in order to gain remote control of the devices it infects. Google's Managed Defense team reported the finding, which shows how malicious actors use SEO poisoning to spread a backdoor known as Playfulghost.

It has become increasingly important for individuals who prioritize the protection of their personal data and online privacy to use virtual private networks (VPNs). VPNs establish a secure, encrypted connection between users' devices and the internet, protecting their IP addresses and online activity against prying eyes. 

However, not all VPN applications are trustworthy. The number of fake VPN apps distributed under the guise of legitimate services is increasing, and they steal sensitive information from unsuspecting users. Researchers found that fake VPN applications became markedly more widespread worldwide during the third quarter of 2024: security analysts reported a 2.5-fold increase in user encounters with fraudulent VPN apps compared with the second quarter.

These apps were either infected with malware or built in such a way that they could be exploited by malicious actors. Users should therefore be careful when choosing a VPN service and confirm that an app is legitimate, obtained from the vendor's own site or an official app store, before installing it.

As more home users turn to VPNs to protect their privacy, secure their internet activity, and circumvent regional content blocks, VPNs have become increasingly popular. Scammers and hackers are aware of that growth and intend to take advantage of it.

Beyond outright fakes, some VPNs have also been found to contain security vulnerabilities that leave them less secure than they should be. Playfulghost is a backdoor similar to Gh0st RAT, a remote administration tool well known in the security community. According to Google's researchers, Playfulghost is "a backdoor that shares functionality with Gh0st RAT." Gh0st RAT's source code has been publicly available since 2008.

Playfulghost can be distinguished from Gh0st RAT and other known threats by its distinct traffic patterns and encryption. Attackers use both phishing and SEO poisoning to trick victims into downloading it: in one case described by Google, a victim was tricked into opening a malicious image file, which caused Playfulghost to be fetched from a remote server and run on the computer. In the SEO-poisoning cases, trojanized VPN installers downloaded Playfulghost components from a remote server onto the victims' devices.

Once a device is infected with Playfulghost, an attacker can remotely execute a wide range of tasks on it. The malware can capture keystrokes, screenshots, and audio, and it lets attackers perform file management operations such as opening, deleting, and writing files. Google's security researchers warn that the threat is being distributed worldwide via fraudulent VPN apps and that the campaign uses sophisticated techniques, including SEO poisoning, to trick users into downloading the infected software.

There is something especially cruel about this campaign, because installing a VPN is usually a simple way to improve privacy and security online. Those who installed the malware-laced VPN applications instead found themselves in the worst possible position. Playfulghost lets attackers monitor every key the user presses, a practice known as keylogging.

It can also record audio from the built-in microphone of the infected computer, laptop, tablet, or desktop, and it can record what the user sees on the screen, material that is often used for blackmail. The malware further enables attackers to perform file management operations remotely, including opening, deleting, and writing files, which lets them download and install additional malware on infected machines.

Playfulghost's functionality is very similar to Gh0st RAT, which has wreaked havoc on PCs since 2001 and whose source code was publicly released in 2008. Because the code is widely available, several copies and clones have been created, of which Playfulghost is the latest variant, differing mainly in its traffic patterns and encryption. Google's researchers have identified two methods by which the malware is being spread: phishing emails and SEO poisoning.

The first is phishing: unsolicited emails that entice recipients to download malicious software. One of the earliest examples spotted by Google's team involved emails themed around a "Code of Conduct", which tricked users into opening the attached file, which turned out to be Playfulghost.

In another documented case, a victim was tricked into opening a malicious image file; in the background, Playfulghost was fetched from a remote server, installed, and activated on the computer. The second method is SEO poisoning, in which the malware is bundled with popular VPN apps and the trojanized installers are pushed into search results. This technique has been gaining popularity among malware operators. SEO poisoning is the manipulation of search engine rankings so that pages hosting malicious downloads appear prominently, and look like official sources, when users search for legitimate software.
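As an added example (not code from Google's report or from this post), here is a Python check for the advice above: confirm that an installer was downloaded from the vendor's own domain rather than a lookalike, and that its SHA-256 matches the vendor's published checksum list. The vendor domain, the checksum file, and the installer bytes are constructed stand-ins.

```python
"""Added example: verify a downloaded VPN installer before running it.

Two checks a user (or an endpoint script) can apply to a download:
  1. the download URL really belongs to the vendor's domain, not a lookalike;
  2. the file's SHA-256 matches the vendor's published checksum list.
All names, domains, hashes and file contents are constructed for the example.
"""
import hashlib
import hmac
from urllib.parse import urlsplit

VENDOR_DOMAIN = "examplevpn.com"  # hypothetical vendor domain

# Constructed stand-in for the vendor's published "SHA256SUMS" file, in the
# common sha256sum output format "<hex digest>  <filename>"; a leading '*'
# on the filename marks binary mode and is ignored.
PUBLISHED_SUMS = """\
# vendor-vpn release checksums (constructed)
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9  vendor-vpn-setup.exe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 *vendor-vpn-setup.dmg
"""

# Constructed stand-ins for downloaded files (real installers are large
# PE/DMG images; the check is identical for any byte string).
GENUINE_INSTALLER = b"hello world"      # hashes to the first digest above
TAMPERED_INSTALLER = b"hello world!"    # one byte appended, e.g. a trojanized build


def parse_checksum_file(text: str) -> dict[str, str]:
    """Parse sha256sum-style lines into {filename: hex_digest}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) == 64 and name:
            sums[name] = digest.lower()
    return sums


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def installer_matches(filename: str, data: bytes, sums: dict[str, str]) -> bool:
    """True only if the file is listed and its digest matches exactly."""
    expected = sums.get(filename)
    if expected is None:
        return False
    # compare_digest avoids timing leaks; not critical for a local file,
    # but a good habit wherever digests are compared.
    return hmac.compare_digest(sha256_hex(data), expected)


def url_belongs_to_vendor(url: str, vendor_domain: str) -> bool:
    """Require HTTPS and a host that is the vendor domain or a subdomain of it.

    Lookalikes such as 'examplevpn.com.evil.example' and userinfo tricks
    such as 'https://examplevpn.com@evil.example/' are rejected because only
    the parsed hostname is examined and it must end at the vendor domain.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    vendor = vendor_domain.lower()
    if parts.scheme != "https" or not host:
        return False
    return host == vendor or host.endswith("." + vendor)


def check_download(url: str, filename: str, data: bytes, sums_text: str,
                   vendor_domain: str = VENDOR_DOMAIN) -> tuple[bool, str]:
    """Combine both checks and explain a failure."""
    if not url_belongs_to_vendor(url, vendor_domain):
        return False, f"download host is not {vendor_domain}"
    if not installer_matches(filename, data, parse_checksum_file(sums_text)):
        return False, "SHA-256 does not match the vendor's published checksum"
    return True, "ok"


if __name__ == "__main__":
    cases = [
        ("https://dl.examplevpn.com/vendor-vpn-setup.exe", GENUINE_INSTALLER),
        ("https://dl.examplevpn.com/vendor-vpn-setup.exe", TAMPERED_INSTALLER),
        ("https://examplevpn.com.evil.example/vendor-vpn-setup.exe", GENUINE_INSTALLER),
    ]
    for url, blob in cases:
        ok, why = check_download(url, "vendor-vpn-setup.exe", blob, PUBLISHED_SUMS)
        print("PASS" if ok else "FAIL", url, why)
```

The hash check only helps if the checksum list itself was fetched over HTTPS from the vendor's domain, which is why the host check comes first; a poisoned search result can host both a trojanized installer and a matching "checksum" page.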

Behind the Search Bar: How Google Algorithm Shapes Our Perspectives

Search engines like Google have become the gateway to information. We rely on them for everything from trivial facts to critical news updates. However, what if these seemingly neutral tools were subtly shaping the way we perceive the world? According to the BBC article "The 'bias machine': How Google tells you what you want to hear," there's more to Google's search results than meets the eye.

The Power of Algorithms

At the heart of Google's search engine lies an intricate web of algorithms designed to deliver the most relevant results based on a user's query. These algorithms analyze a myriad of factors, including keywords, website popularity, and user behaviour. The goal is to present the most pertinent information quickly. However, these algorithms are not free from bias.

One key concern is the so-called "filter bubble" phenomenon. This term, coined by internet activist Eli Pariser, describes a situation where algorithms selectively guess what information a user would like to see based on their past behaviour. This means that users are often presented with search results that reinforce their existing beliefs, creating a feedback loop of confirmation bias.

Confirmation Bias in Action

Imagine two individuals with opposing views on climate change. If both search "climate change" on Google, they might receive drastically different results tailored to their browsing history and past preferences. The climate change skeptic might see articles questioning the validity of climate science, while the believer might be shown content supporting the consensus on global warming. This personalization of search results can deepen existing divides, making it harder for individuals to encounter and consider alternative viewpoints.

How Does It Affect People at Large?

The implications of this bias extend far beyond individual search results. In a society increasingly polarized by political, social, and cultural issues, the reinforcement of biases can contribute to echo chambers where divergent views are rarely encountered or considered. This can lead to a more fragmented and less informed public.

Moreover, the power of search engines to influence opinions has not gone unnoticed by those in positions of power. Political campaigns, advertisers, and interest groups have all sought to exploit these biases to sway public opinion. By strategically optimizing content for search algorithms, they can ensure their messages reach the most receptive audiences, further entrenching bias.

How to Address the Bias?

While search engine bias might seem like an inescapable feature of modern life, users do have some agency. Awareness is the first step. Users can take steps to diversify their information sources. Instead of relying solely on Google, consider using multiple search engines and news aggregators and visiting a variety of websites directly. This can help break the filter bubble and expose individuals to a wider range of perspectives.

Google Confirms Leak of 2,500 Internal Documents on Search Algorithm

 

In a significant incident, Google has confirmed the leak of 2,500 internal documents exposing closely guarded details of its search ranking systems. The leak was first highlighted by SEO experts Rand Fishkin and Mike King and reported by The Verge, which sought confirmation from Google via email. After multiple requests, Google spokesperson Davis Thompson acknowledged the leak, while urging caution against drawing inaccurate conclusions from information that may be out of context, outdated, or incomplete.

The leaked data has stirred considerable interest, particularly as it reveals that Google considers the number of clicks when ranking web pages. This contradicts Google’s longstanding assertion that such metrics are not part of their ranking criteria. Despite this revelation, The Verge report indicates that it remains unclear which specific data points are actively used in ranking. It suggests that some of the information might be outdated, used strictly for training, or collected without being directly applied to search algorithms. 

Thompson responded to the allegations by emphasizing Google's commitment to transparency about how Search works and the factors its systems consider. He also highlighted Google's efforts to protect the integrity of search results from manipulation. This response underscores the complexity of Google's algorithm and the company's ongoing effort to balance transparency with safeguarding its proprietary technology. The leak comes at a time when the intricacies of Google's search algorithm are under intense scrutiny.

Recent documents and testimony in the US Department of Justice antitrust case have already provided glimpses into the signals Google uses when ranking websites. This incident adds another layer of insight, though it also raises questions about the security of sensitive information within one of the world’s largest tech companies. Google’s decisions about search rankings have far-reaching implications. From small independent publishers to large online businesses, many rely on Google’s search results for visibility and traffic. 

The revelation of these internal documents not only impacts those directly involved in SEO and digital marketing but also sparks broader discussions about data security and the transparency of algorithms that significantly influence online behaviour and commerce. As the fallout from this leak continues, it serves as a reminder of the delicate balance between protecting proprietary information and the public’s interest in understanding the mechanisms that shape their online experiences. Google’s ongoing efforts to clarify and defend its practices will be crucial in navigating the challenges posed by this unprecedented exposure of its internal workings.

Fund Manager Outlines Digital Data as Rising Asset Class

 

In a recent dialogue, Roundtable host Rob Nelson and Lisa Wade, CEO of wholesale fund manager DigitalX, explored the burgeoning data revolution, discussing the profound implications of data ownership and the transformative potential of Web3 and blockchain technology on traditional economic and investment frameworks.

Nelson initiated the conversation by emphasizing the dawn of the data revolution, highlighting the significant potential and influence of owning personal data. He suggested that as society becomes more aware of this potential, innovative applications of data will emerge, reshaping financial and economic paradigms. This perspective aligns with the growing belief that traditional economic models may soon be supplemented or challenged by new principles driven by advancements in data science and technology.

Wade contributed to the discussion by expressing her enthusiasm for recognizing data as a crucial asset class and the role of Web3 (and potentially Web5) in redefining data ownership. Her insights envisioned a future where individuals have control over their data, disrupting the traditional narrative surrounding data ownership. This shift, she argued, not only empowers individuals but also makes data more attractive for investment, diverging from the current landscape where personal financial information is fragmented and susceptible to online threats.

Additionally, Wade elaborated on DigitalX's innovative investment approach, employing a "universal scoring matrix" that utilizes data asset classifications to develop investment algorithms. This approach symbolizes a shift towards a new financial era where investment strategies are increasingly influenced by network effects and the intrinsic value of cryptocurrencies, rather than conventional metrics such as the Federal Reserve’s risk-free rate.

Referencing a Citigroup report, Wade described the current period as a "financial revolution," emphasizing the transition towards new financial models centered around staking rates within reputable networks. This transition is not merely theoretical but is being put into practice by DigitalX, demonstrating the tangible implications of these concepts on investment strategies and the broader economic landscape.

Rise of OLVX: A New Haven for Cybercriminals in the Shadows

 


OLVX has emerged as a new cybercrime marketplace and has quickly gained a loyal customer base seeking tools for online fraud and attacks on websites. Its launch follows a recent trend of cybercrime marketplaces being hosted on the clearnet rather than the dark web, which makes them reachable by a far wider set of users and lets them be promoted through search engine optimization (SEO).

Research by ZeroFox identified the new underground market, OLVX (olvx[.]cc), advertising a wide variety of hacking tools and related services for illicit use.

Researchers at ZeroFox, who detected OLVX at the end of July 2023, have noted a marked increase in activity on the new marketplace in the fall, noticing that both buyers and sellers are increasing their activity on the marketplace. 

Since its launch on July 1, 2023, OLVX has offered threat actors a range of illicit tools and services. Its catalogue concentrates on tools that cybercriminals can put to use during the 2023 holiday retail peak.

ZeroFox found that OLVX activity spiked significantly in fall 2023 as more items were listed and buyers rushed to the new store to purchase them. Its investigation assesses that OLVX was built from OLUX marketplace code leaked in 2020/2021.

Stores built on the leaked code use improved versions of it, even though the original OLUX code is outdated. OLVX places its site behind Cloudflare, which hides the origin server and improves availability. To grow its customer base it does not rely on the dark web; instead it relies on SEO and promotion on forums.

OLVX runs a Telegram channel for customer support, and strong relationships with its customers boost the market's reputation and earnings. Unlike most other markets of this kind, OLVX does not use an escrow service to protect funds.

Instead, it offers a "deposit to direct payment" system that accepts Bitcoin, Monero, Ethereum, Litecoin, TRON, Bitcoin Cash, Binance Coin, and Perfect Money. Because deposited funds are always available, users are encouraged to spend more: browsing turns into more frequent purchases.

For privacy and security, customers running low on funds are advised to top up their accounts through time-limited, anonymous cryptocurrency addresses. During the holiday season, OLVX and similar marketplaces thrive as cybercriminal hubs, supplying cybercriminals with the tools for their campaigns in the colder months.

The OLVX site itself is served through Cloudflare and advertises DDoS protection from Simple Carrier LLC, which researchers describe as a substandard hosting provider. Consumers, meanwhile, increasingly put their security at risk as they shop online.

OLVX is one of the leading sources of the tools criminals use for holiday-season heists, the time of year when such activity peaks. Because of the platform's nature, ZeroFox could not independently verify the quality and validity claims made for the items it sells, though OLVX's rising popularity and established reputation lend credibility to most of them.

ZeroFox also notes that fraudulent activity on the platform rises as the holiday shopping season approaches, so consumers should maintain heightened vigilance to avoid scams and spot fraud.

China Issues Warning About Theft of Military Geographic Data in Data Breaches

 

China issued a cautionary notice regarding the utilization of foreign geographic software due to the discovery of leaked information concerning its critical infrastructure and military. The Ministry of State Security, while refraining from assigning blame, asserted that the implicated software contained "backdoors" deliberately designed for unauthorized data access.

Prompted by this revelation, the Chinese government has called upon organizations to conduct thorough examinations for potential security vulnerabilities and incidents of data breaches. Through its official WeChat account, the government emphasized that foreign software had collected data encompassing state secrets, posing a substantial threat to China's national security.

The compromised data reportedly involves precise geographic information and three-dimensional geomorphological mapping crucial to key sectors such as transportation, energy, and the military, as reported by Reuters. Against the backdrop of heightened global tensions, China has prioritized enhancing the security of vital industries, particularly in response to increased geopolitical tensions with Taiwan and ongoing reassurances from the United States to the island nation.

Suspicions surround China's involvement in recent cyberattacks targeting U.S. infrastructure, purportedly aimed at formulating a strategic playbook for potential conflicts between the two superpowers. In parallel, the United States has taken proactive measures to bolster its domestic semiconductor production for military applications. 

Through substantial investments, as outlined in the CHIPS Act, the U.S. aims to establish semiconductor factories across the country, deeming this move crucial for national security. The rationale behind this initiative lies in mitigating the risk of Chinese espionage associated with current semiconductor imports from East Asian production hubs.

Google Completes Mobile-First Indexing After 7 Years


Google has finally announced that it has completed its mobile-first indexing initiative, which means that it will use the mobile version of websites for indexing and ranking purposes. This is a major change that affects how Google crawls, indexes, and ranks web pages, and it has implications for webmasters, SEOs, and users alike. In this blog post, we will explain what mobile-first indexing is, why it matters, and how you can optimize your website for it.

What is Mobile-First Indexing?

Mobile-first indexing is a process that Google uses to determine which version of a website to use for indexing and ranking. It means that Google will use the mobile version of a website as the primary source of information, and the desktop version as a fallback option. This differs from the previous approach, where Google used the desktop version as the primary source of information, and the mobile version as a secondary option.

Google started experimenting with mobile-first indexing in November 2016 and gradually rolled it out to more and more websites over the years. On October 31, 2023, Google announced that it had completed the switch to mobile-first indexing for all websites and that it would stop using its legacy desktop crawler and remove the indexing crawler information from Google Search Console.

Why Does Mobile-First Indexing Matter?

Mobile-first indexing matters because it reflects the growing importance of mobile devices and user experience. According to Google, more than half of the global web traffic comes from mobile devices, and users expect fast and easy access to information on any device. Therefore, Google wants to ensure that its search results are relevant and useful for mobile users and that its ranking algorithm is aligned with the mobile web.

Mobile-first indexing also matters because it affects how webmasters and SEOs optimize their websites for Google. If a website has different versions for desktop and mobile, or if the mobile version is not optimized for speed, usability, and content, it may suffer from lower rankings and traffic. Therefore, webmasters and SEOs need to make sure that their websites are mobile-friendly and consistent across devices.

How to Optimize Your Website for Mobile-First Indexing?

To optimize your website for mobile-first indexing, you need to follow some best practices that Google recommends. Here are some of them:

  • Use responsive web design, which adapts to the screen size and orientation of the device. This way, you can have one website that works well on both desktop and mobile and avoid having duplicate or conflicting content.
  • Ensure that your mobile version has the same content and functionality as your desktop version and that it is not missing any important information or features. For example, do not hide or remove text, images, videos, or links on mobile, and if you serve mobile and desktop from separate URLs, keep their content in sync and their canonical/alternate annotations consistent rather than redirecting crawlers to a reduced page.
  • Optimize your mobile version for speed, usability, and accessibility. For example, use compressed images, minified code, and lazy loading techniques to reduce the loading time, use clear and legible fonts, buttons, and menus to improve readability and navigation, and use descriptive and concise titles, headings, and meta tags to enhance the visibility and relevance.
  • Test and monitor your mobile version using Google's tools and resources. For example, use the Mobile-Friendly Test, PageSpeed Insights, and the Lighthouse tools to check the performance and quality of your mobile version, and use the Google Search Console and Google Analytics to track the indexing and traffic of your mobile version. 
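As an added example (mine, not a Google tool), the following Python script performs the content-parity part of the checklist offline: it parses a desktop and a mobile HTML document and reports the headings, links, and images missing from the mobile version, the ratio of visible text, and whether the mobile page declares a viewport. The HTML snippets are constructed for the example; run it in CI before a release, and use Google's own tools against the live site.

```python
"""Added example: check that a mobile page carries the same content as the
desktop page, which is what mobile-first indexing requires.

The two HTML documents are constructed stand-ins; function and class names
are hypothetical and not part of any Google tool.
"""
import re
from html.parser import HTMLParser

DESKTOP_HTML = """<html><head><title>Pricing</title></head><body>
<h1>Pricing</h1>
<p>Plans for teams of every size.</p>
<h2>Enterprise</h2>
<p>Contact sales for volume discounts and a dedicated account manager.</p>
<a href="/signup">Sign up</a> <a href="/enterprise">Enterprise details</a>
<img src="/img/plans.png" alt="plan comparison">
<script>track("pricing");</script>
</body></html>"""

# A trimmed mobile build: the Enterprise section, its link and the image are gone.
MOBILE_HTML = """<html><head><title>Pricing</title>
<meta name="viewport" content="width=device-width, initial-scale=1"></head><body>
<h1>Pricing</h1>
<p>Plans for teams of every size.</p>
<a href="/signup">Sign up</a>
<script>track("pricing");</script>
</body></html>"""

# The fix: the same content as desktop plus a viewport declaration.
FIXED_MOBILE_HTML = DESKTOP_HTML.replace(
    "<head>", '<head><meta name="viewport" content="width=device-width, initial-scale=1">', 1)


class PageSummary(HTMLParser):
    """Collect headings, link targets, images, visible word count and the viewport tag."""

    def __init__(self):
        super().__init__()
        self.headings = []
        self.links = set()
        self.images = set()
        self.words = 0
        self.has_viewport = False
        self._skip = 0            # depth inside <script>/<style>: not visible text
        self._in_heading = None   # text fragments of the heading being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a" and a.get("href"):
            self.links.add(a["href"])
        elif tag == "img" and a.get("src"):
            self.images.add(a["src"])
        elif tag == "meta" and (a.get("name") or "").lower() == "viewport":
            self.has_viewport = True
        elif re.fullmatch(r"h[1-6]", tag):
            self._in_heading = []

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif re.fullmatch(r"h[1-6]", tag) and self._in_heading is not None:
            self.headings.append(" ".join(self._in_heading).strip())
            self._in_heading = None

    def handle_data(self, data):
        if self._skip:
            return
        text = data.strip()
        if not text:
            return
        self.words += len(text.split())
        if self._in_heading is not None:
            self._in_heading.append(text)


def summarize(html: str) -> PageSummary:
    p = PageSummary()
    p.feed(html)
    p.close()
    return p


def parity_report(desktop_html: str, mobile_html: str) -> dict:
    """Return what the mobile version lacks relative to the desktop version."""
    d, m = summarize(desktop_html), summarize(mobile_html)
    return {
        "missing_headings": [h for h in d.headings if h not in m.headings],
        "missing_links": sorted(d.links - m.links),
        "missing_images": sorted(d.images - m.images),
        "text_ratio": round(m.words / d.words, 2) if d.words else 1.0,
        "mobile_has_viewport": m.has_viewport,
    }


def passes(report: dict, min_text_ratio: float = 0.9) -> bool:
    """Gate a release: nothing missing, most of the text present, viewport declared."""
    return (not report["missing_headings"] and not report["missing_links"]
            and not report["missing_images"]
            and report["text_ratio"] >= min_text_ratio
            and report["mobile_has_viewport"])


if __name__ == "__main__":
    for label, mobile in (("trimmed", MOBILE_HTML), ("fixed", FIXED_MOBILE_HTML)):
        r = parity_report(DESKTOP_HTML, mobile)
        print(label, "PASS" if passes(r) else "FAIL", r)
```

The same comparison, run with a Googlebot smartphone user agent against a crawler user agent, is also a cheap way to spot cloaking: a page that serves crawlers one document and users another is exactly what the SEO-poisoning campaigns elsewhere on this page rely on.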

What's next for Google?

Mobile-first indexing is a significant milestone for Google and the web industry, as it shows the shift from desktop to mobile as the primary platform for web browsing and searching. It also presents new challenges and opportunities for webmasters and SEOs, who need to adapt their websites to the mobile web and provide the best possible experience for their users. By following the best practices and using the tools that Google provides, you can optimize your website for mobile-first indexing and benefit from the mobile web.

Gootkit Loader: Targets Victims via Flawed SEO Tactics

 

Gootkit previously concealed its malicious files inside freeware installers; now it deceives users into downloading them by disguising them as legitimate documents. Researchers caught the chain when a PowerShell script was flagged, and stopped it before it could do harm or deliver its payload. The detection came through managed extended detection and response (MxDR).

The operators of the Gootkit access-as-a-service (AaaS) malware have reemerged to compromise unwary users. Gootkit has a history of delivering threats including SunCrypt ransomware, REvil (Sodinokibi) ransomware, the Kronos trojan, and Cobalt Strike via fileless tactics.

The discoveries add to a prior report by eSentire, which stated in January that numerous attacks targeted the staff of accounting and law companies to propagate malware on compromised systems.

Gootkit is a tool of the rising underground ecosystem of access brokers, who are well-known for charging money to provide other hackers access to corporate networks, opening the door for real destructive operations like ransomware.
 
Upgraded Tactics

The attack chain begins when a user enters a specific query into a search engine. Using black-hat SEO, the operators push a website they have compromised into the results.

When the victim visits, the site presents itself as an online forum that answers the query directly. The "forum" offers a ZIP download containing a malicious .js file, which establishes persistence and injects a Cobalt Strike binary into the target system's memory.

"The obfuscated script that was run when the user downloaded and accessed this file used registry stuffing to install a section of encrypted codes in the registry and add scheduled tasks for persistence. Then, utilizing PowerShell's reflective loading of the encrypted registry code, the Cobalt Strike binary that runs entirely in memory was rebuilt," reads Trend Micro's analysis.

The researchers noted that a custom text-replacement scheme has replaced base64 encoding for the code stored in the registry.

The Cobalt Strike binary loaded directly into the victim's memory was observed connecting to the Cobalt Strike C2 at 89[.]238[.]185[.]13. The main payload of Cobalt Strike, a post-exploitation tool, is its beacon component.
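As an added example, not taken from Trend Micro's write-up, here is detection logic in Python that correlates the stages of the chain just described over constructed, Sysmon-style JSON events: a .js file run by wscript.exe from a user-writable directory, large opaque values written under HKCU (registry stuffing), a scheduled-task creation, PowerShell reading the registry and calling a reflective load, and a connection to the C2 address named above. The event fields, paths, key names, and hostnames are hypothetical; only the C2 IP comes from the post.

```python
"""Added example: correlate the stages of the Gootkit chain per host.

Events are constructed to resemble Sysmon records exported as JSON lines
(1 = process create, 13 = registry value set, 3 = network connect). They are
not real telemetry; paths, registry keys and hostnames are hypothetical.
"""
import json
import re
from collections import defaultdict

C2_IOCS = {"89.238.185.13"}   # Cobalt Strike C2 named in the Trend Micro analysis
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
USER_DIRS = re.compile(r"\\(Downloads|Temp|AppData\\Local\\Temp)\\", re.I)
REFLECTIVE = re.compile(r"Reflection\.Assembly\]::Load\(|Invoke-Expression|\bIEX\b", re.I)
REGISTRY_BLOB_MIN = 1024      # value data this long under HKCU is unusual for settings

_BLOB = "A7f3" * 600          # stands in for a 2400-char chunk of encrypted code
_EVENTS = [
    {"host": "WS-ACCT-07", "event": 1, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\jdoe\Downloads\agreement_template\agreement_template_48213.js"'},
    {"host": "WS-ACCT-07", "event": 13, "key": r"HKCU\Software\Example\Stash\0", "data": _BLOB},
    {"host": "WS-ACCT-07", "event": 13, "key": r"HKCU\Software\Example\Stash\1", "data": _BLOB},
    {"host": "WS-ACCT-07", "event": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks.exe /Create /SC ONLOGON /TN "Updater" /TR "wscript.exe C:\Users\jdoe\AppData\Local\Temp\u.js"'},
    {"host": "WS-ACCT-07", "event": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -w hidden -c $d=(Get-ItemProperty HKCU:\Software\Example\Stash).'0';[Reflection.Assembly]::Load($bytes)"},
    {"host": "WS-ACCT-07", "event": 3,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dst_ip": "89.238.185.13", "dst_port": 443},
    # Benign admin activity on another host: one stage alone must not alert.
    {"host": "WS-HR-02", "event": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks.exe /Create /SC DAILY /TN "Backup" /TR "C:\Tools\backup.exe"'},
    {"host": "WS-HR-02", "event": 13, "key": r"HKCU\Software\Example\Theme", "data": "dark"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _EVENTS)   # constructed log, one JSON object per line


def classify(ev: dict):
    """Map one event to the attack-chain stage it evidences, or None."""
    kind = ev.get("event")
    image = ev.get("image", "").lower()
    cmd = ev.get("cmd", "")
    if kind == 1:
        if image.endswith(SCRIPT_HOSTS) and ".js" in cmd.lower() and USER_DIRS.search(cmd):
            return "js_from_user_dir"
        if image.endswith("schtasks.exe") and "/create" in cmd.lower():
            return "scheduled_task"
        if image.endswith("powershell.exe") and REFLECTIVE.search(cmd) and "hkcu" in cmd.lower():
            return "reflective_load_from_registry"
    elif kind == 13:
        if ev.get("key", "").upper().startswith("HKCU") and len(ev.get("data", "")) >= REGISTRY_BLOB_MIN:
            return "registry_stuffing"
    elif kind == 3:
        if ev.get("dst_ip") in C2_IOCS:
            return "known_c2"
    return None


def analyze(log_text: str, min_stages: int = 3) -> dict:
    """Return {host: sorted stage tags} for hosts worth alerting on.

    A host alerts when it shows at least `min_stages` distinct stages of the
    chain, or any contact with a known C2 regardless of the count.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        tag = classify(ev)
        if tag:
            seen[ev["host"]].add(tag)
    return {h: sorted(t) for h, t in seen.items() if len(t) >= min_stages or "known_c2" in t}


if __name__ == "__main__":
    for host, stages in analyze(SAMPLE_LOG).items():
        print(f"ALERT {host}: {', '.join(stages)}")
```

The per-host threshold is what keeps the scheduled-task rule from paging on every admin who creates a backup job; the IOC rule bypasses it because a known C2 address is conclusive on its own.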

Defensive measures

This case demonstrates that Gootkit is still active and refining its methods, and that SEO poisoning remains a successful strategy for luring unwary users.

User security awareness training, which tries to enable people to identify and defend themselves against the most recent risks, is something that organizations can do to help. 

The incident also emphasizes the value of round-the-clock monitoring: cross-platform XDR stopped this attack from escalating because it allowed responders to isolate the compromised system quickly and prevent further harm to the network.