A new trojan, ChimeraWire, has been identified that manipulates search engine rankings by simulating real user activity through Google Chrome. Researchers at Doctor Web detailed the malware's operation, which focuses on boosting website visibility rather than traditional data theft, as reported by HackRead.ChimeraWire operates by automating searches, loading target websites, and simulating clicks using a hidden instance of Chrome downloaded and run in debug mode. The malware is delivered through a multi-stage infection process involving downloader trojans, privilege escalation, and system persistence techniques. One chain begins with a downloader checking for virtual environments, then downloading a Python script and a malicious DLL. The second chain uses a downloader that mimics a legitimate Windows process and exploits COM interface vulnerabilities. Once installed, ChimeraWire downloads a specific Chrome build, adds extensions to bypass CAPTCHAs, and connects to a command-and-control server for instructions on search, site loading, and click simulation. It employs probabilistic click patterns and random pauses to evade bot detection systems.The primary function of ChimeraWire appears to be inflating website traffic for dubious affiliate marketing or SEO manipulation. While current capabilities focus on traffic generation, the malware's design allows for potential expansion into broader automation or data scraping. Security teams should monitor for unsigned Chrome processes at startup, PowerShell downloaders, and scheduled tasks associated with Python or Chrome activity to detect and mitigate this threat.Source: HackRead
Malware, Security Operations
ChimeraWire trojan manipulates search engine rankings

SEO poisoning attacks still impacting legitimate websites
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


