Security researchers at ESET have identified a new hacker group called GhostRedirector, which has been compromising Windows servers using unique and sophisticated tools. The primary motive behind this group’s activity appears to be providing SEO fraud as-a-service, manipulating search engine rankings to achieve favorable results on behalf of unauthorized third parties.
One of the group’s primary tools, named Rungan, installs a backdoor on targeted machines, enabling the attackers to establish control and deploy additional malware if needed. Another tool, Gamshen, operates as a malicious Internet Information Services (IIS) module that alters the responses sent back to Googlebot, redirecting traffic away from legitimate sites.
GhostRedirector also exploits known vulnerabilities such as EfsPotato and BadPotato, enabling them to create new administrative user accounts. This tactic allows them to install their custom malware and maintain their operations on compromised servers.
Once a server is infected, it becomes a conduit, relaying requests from Googlebot to a server controlled by the hackers, which then sends manipulated responses back to Googlebot. These responses point the crawler towards third-party websites, thereby undermining the search engine’s integrity. Fortunately, users visiting affected websites should not experience any direct harm since the group’s focus is on altering search engine outcomes rather than infecting individual users with malware.
ESET has proactively contacted organizations potentially impacted by these attacks, urging them to secure their Windows servers and remove the malicious software to prevent further exploitation. More information can be found in ESET’s research on GhostRedirector.
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
