A recent investigation by Zscaler's ThreatLabz has revealed a sophisticated black hat SEO campaign in which threat actors hijack Google search results for AI platforms like ChatGPT and Luma AI. The actors create SEO-optimized websites that appear legitimate, so users searching for popular AI-related terms are unwittingly led to sites that deploy malware, including infostealers like Vidar and Legion Loader. The campaign uses advanced techniques such as browser fingerprinting, along with legitimate infrastructure on AWS cloud services, which makes detection challenging and effectively converts casual search queries into malware delivery paths.
Threat actors leverage popular AI platform searches to deploy malware via optimized web pages, illustrating a complex black hat SEO strategy aimed at unsuspecting users.
This attack employs legitimate infrastructure and advanced evasion techniques, enabling malware distribution within the high-demand traffic for AI tools.