-: FOLLOW US :- @theinsaneapp
Black hat redirect malware campaign has scaled up using over 70 bogus domains.
Main objective is still ad fraud: artificially increasing traffic to pages that carry the AdSense ID and display Google ads.
Campaign was first exposed in November 2022.
Active since September 2022, orchestrated to redirect visitors to fake Q&A portals.
Goal is to increase the authority of spammy sites in search engine results.
Campaign uses Bing search result links and Twitter's link shortener (t[.]co) service, along with Google.
Pseudo-short URL domains masquerade as popular URL shortening tools.
URL domains now hosted on DDoS-Guard, a Russian internet infrastructure provider.
It is a large and ongoing campaign of organized advertising revenue fraud.
Once the website is breached, the threat actor injects backdoor PHP code that allows for persistent remote access and redirects site visitors.