Cyber Web Spider Blog – News

SEO-Poisoned Sites Exploit ScreenConnect for Malware


Posted on July 1, 2026 By CWS

Threat actors are exploiting the ScreenConnect remote access tool to deploy the AsyncRAT malware in a campaign that relies on extensive SEO manipulation. The operation is widespread, spanning multiple domains and languages, and poses a significant threat to users worldwide.

Details of the Malicious Campaign

According to Kaspersky, a cybersecurity firm, the campaign involves distributing harmful installer packages on counterfeit websites. These packages are disguised as well-known software applications such as OBS Studio, DNS Jumper, and Bandicam. The attackers have created over 90 domain names across various languages, including English, Chinese, and Spanish, with some domains being established between August 2025 and March 2026.

The attackers use a technique known as DLL side-loading to run their code. Legitimate Microsoft installation binaries are paired with a rogue DLL, which enables the deployment of the ScreenConnect service. This service is then used to maintain control over compromised systems.

Technical Execution and Impact

Once deployed, ScreenConnect executes a PowerShell script that modifies Microsoft Defender settings and disables User Account Control prompts. The script further generates a Visual Basic Script (VBScript) that orchestrates the attack by creating and executing additional scripts, which facilitate the extraction and execution of the AsyncRAT module through process hollowing.

This method grants the threat actors unauthorized access to Windows systems, allowing them to steal data and monitor user activities discreetly. The threat is further compounded by the creation of a scheduled task that ensures the malware persists by re-executing the attack scripts after system reboots.
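The chain described above (ScreenConnect launching PowerShell, Defender and UAC changes, a VBScript stage, then a scheduled task) can be hunted as a process-lineage correlation. The following is an added example, not code from the article or from Kaspersky; the event fields, process names, command-line patterns, ten-minute window and sample events are all assumptions, since the article does not publish the actual commands.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Stage -> (image regex, command-line regex). Illustrative assumptions only.
STAGES = {
    "defender_tamper": (r"powershell\.exe$", r"\b(Set|Add)-MpPreference\b"),
    "uac_change": (r"(powershell|reg)\.exe$", r"ConsentPromptBehaviorAdmin|EnableLUA"),
    "vbs_exec": (r"[wc]script\.exe$", r"\.vbs\b"),
    "task_persist": (r"(schtasks|powershell)\.exe$", r"/create\b|Register-ScheduledTask"),
}
RMM_PARENT = re.compile(r"ScreenConnect\.(ClientService|WindowsClient)\.exe$", re.I)
WINDOW = timedelta(minutes=10)

def classify(ev):
    """Return the set of stage names whose image and command-line patterns both match."""
    return {name for name, (img, cmd) in STAGES.items()
            if re.search(img, ev["image"], re.I) and re.search(cmd, ev["cmd"], re.I)}

def detect(events, min_stages=3):
    """Return {host: [stages]} where ScreenConnect descendants hit >= min_stages in WINDOW.
    Lineage is followed by pid/ppid per host; pid reuse is not handled here."""
    tainted, hits = defaultdict(set), defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        host = ev["host"]
        if RMM_PARENT.search(ev["parent_image"]) or ev["ppid"] in tainted[host]:
            tainted[host].add(ev["pid"])
            hits[host] += [(ev["time"], s) for s in classify(ev)]
    alerts = {}
    for host, seen in hits.items():
        best = max(({s for t, s in seen if a <= t <= a + WINDOW} for a, _ in seen),
                   key=len, default=set())
        if len(best) >= min_stages:
            alerts[host] = sorted(best)
    return alerts

def _ev(host, sec, pid, ppid, parent, image, cmd):
    t = datetime(2026, 1, 1, 9, 0) + timedelta(seconds=sec)
    return dict(host=host, time=t, pid=pid, ppid=ppid, parent_image=parent, image=image, cmd=cmd)

# Constructed process-creation events (Sysmon Event ID 1 style fields), not real telemetry.
SYS, SC = "C:\\Windows\\System32\\", r"C:\constructed\ScreenConnect.ClientService.exe"
PS = SYS + "WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE = [
    _ev("WS-01", 0, 100, 50, SC, PS, "powershell.exe -c Add-MpPreference <constructed>"),
    _ev("WS-01", 5, 101, 100, PS, SYS + "reg.exe", "reg add <constructed> /v EnableLUA"),
    _ev("WS-01", 9, 102, 100, PS, SYS + "wscript.exe", r"wscript.exe C:\constructed\run.vbs"),
    _ev("WS-01", 20, 103, 102, SYS + "wscript.exe", SYS + "schtasks.exe", "schtasks /create <constructed>"),
    _ev("WS-02", 0, 200, 60, SC, SYS + "cmd.exe", "cmd.exe /c ipconfig"),
    _ev("WS-02", 30, 300, 70, SYS + "explorer.exe", PS, "powershell.exe Set-MpPreference <constructed>"),
]
```

`detect(SAMPLE)` flags only WS-01: on WS-02 the ScreenConnect child matches no stage, and the Defender change there has no ScreenConnect ancestor, so a lone administrative action does not alert.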

SEO Manipulation and Distribution Strategy

The attackers have adeptly used search engine optimization techniques to elevate the visibility of fraudulent sites in search results. By mimicking official product pages, these sites appear legitimate, increasing the likelihood of user interaction and subsequent system compromise. This tactic highlights the evolving strategies of cybercriminals in leveraging SEO to enhance their reach and efficacy.

As these deceptive practices continue to evolve, it is crucial for users and organizations to exercise caution and employ robust security measures to mitigate such threats. The ongoing monitoring and updating of cybersecurity defenses are imperative to counteract these sophisticated attacks.

The Hacker News. Tags: AsyncRAT, cyber threats, Cybersecurity, DLL side-loading, Kaspersky, Malware, persistence mechanisms, PowerShell, process hollowing, remote access tool, ScreenConnect, search engine optimization, SEO poisoning, Threat Actors, Visual Basic Script
