Subj : Windows servers hijacked to boost Google rankings for dodgy gambl
To   : All
From : TechnologyDaily
Date : Fri Sep 05 2025 14:15:10

Windows servers hijacked to boost Google rankings for dodgy gambling sites

Date: Fri, 05 Sep 2025 13:08:00 +0000
Description: Chinese hackers seen deploying new malware to boost Google rankings for shady sites.

FULL STORY
======================================================================

- Chinese group GhostRedirector hijacked at least 65 Windows servers to boost shady gambling sites' Google rankings
- They used two new tools - Rungan and Gamshen
- Attacks hit servers mainly in Latin America and South Asia, likely via SQL injection, across multiple industries

Dozens of Windows servers have been hijacked by a Chinese hacking group to boost Google's rankings for shady gambling websites, experts have found.

Security researchers at ESET have outlined the work of a group called GhostRedirector, which started targeting Windows servers in December 2024, ultimately compromising at least 65 of them.

After breaking into a server, they would deploy a variety of tools, including two brand new pieces of malware, called Rungan and Gamshen.

Rungan is a classic backdoor, while Gamshen is the one doing the search engine rank boosting. ESET describes it as a malicious Internet Information Services (IIS) trojan, which isn't malware in the traditional sense, but rather a malicious native IIS module that runs directly within a Windows web server, selectively modifying HTTP responses, but only for Google's web crawler, Googlebot.

South America and South Asia targeted

The goal is to inject either backlinks or SEO content designed to artificially boost the gambling sites in Google search rankings. What makes this trojan particularly stealthy is the fact that regular visitors are unaffected, and victim sites will only spot the intrusion after their SEO rankings plummet, or Google flags the site for suspicious behavior.
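
Because only the crawler sees the injected backlinks, a site owner can look for this tampering by comparing the body served to a regular visitor with the body served to Googlebot for the same URL. The following is an added example, not part of the original article or ESET's tooling; the site name, the sample HTML bodies and the function names are constructed, and it assumes both bodies have already been captured.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def external_hosts(html, site_host):
    """Hosts linked from html that are neither site_host nor one of its subdomains."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = set()
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()  # relative links have no host
        if host and host != site_host and not host.endswith("." + site_host):
            hosts.add(host)
    return hosts


def crawler_only_hosts(visitor_html, crawler_html, site_host):
    """External hosts linked only in the copy served to the crawler."""
    site_host = site_host.lower()
    return sorted(external_hosts(crawler_html, site_host)
                  - external_hosts(visitor_html, site_host))


# Constructed sample bodies for one URL on a hypothetical site, school.example.
VISITOR_BODY = """<html><body><h1>Admissions</h1>
<a href="/apply">Apply</a> <a href="https://cdn.school.example/brochure.pdf">Brochure</a>
<a href="https://partner.example/">Partner</a></body></html>"""

CRAWLER_BODY = VISITOR_BODY.replace("</body>", """
<div style="display:none"><a href="https://casino-promo.example/win">best slots</a>
<a href="HTTPS://Bets.Example/">bets</a></div></body>""")

if __name__ == "__main__":
    for host in crawler_only_hosts(VISITOR_BODY, CRAWLER_BODY, "school.example"):
        print("link served only to crawler:", host)
```

Any host this reports is a link the server adds only for the crawler, which is worth tracing back to the modules loaded by the web server.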

The majority of the infected servers were located in Latin America and South Asia - Brazil, Peru, Thailand, and Vietnam. Compromised servers were also discovered in the United States, but ESET believes the threat actors were primarily targeting South American and South Asian servers.

The hackers also don't seem to be targeting any particular industry, since the attacks were seen in education, healthcare, insurance, transportation, technology, and retail verticals.

Initial access was probably achieved by exploiting an SQL injection bug, ESET concluded. From there, they deployed PowerShell to download Windows privilege escalation tools and droppers. From there, they dropped Rungan and Gamshen for the final stage of the attack.

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/windows-servers-hijacked-to-boost-google-rankings-for-dodgy-gambling-sites

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)