The Reveal Platform
Intel Name: Seo poisoning attack targets chinese-speaking users with fake software sites
Date of Scan: September 15, 2025
Impact: High
Summary: In August 2025, Labs uncovered an SEO poisoning campaign targeting Chinese-speaking users. The attackers boosted the search rankings of malicious sites using SEO plugins and registered deceptive domains that closely resembled legitimate software websites. By subtly altering characters and using persuasive language, they lured victims into visiting spoofed pages and unknowingly downloading malware. Multiple fake websites were created to impersonate well-known software providers, distributing various malware families—most notably Hiddengh0st and variants of Winos. These threats were identified during our analysis of domains linked to monitored IP addresses. As SEO poisoning was the primary method used to deliver the malware, our article focuses specifically on that attack vector for clarity and brevity.
