A persistent search engine optimization (SEO) poisoning assault campaign has been noticed, exploiting users’ trust in legitimate software applications to fool them into installing BATLOADER malware on infected workstations.
“The threat actor exploited SEO terms like ‘free productivity apps installation’ or ‘free software development tools installation’ to attract consumers to a compromised website and download a malicious installer,” Mandiant researchers wrote in a report released this week.