• Chinese group GhostRedirector hijacked at least 65 Windows servers to boost shady gambling sites’ Google rankings
• They used two new tools – Rungan and Gamshen
• Attacks hit servers mainly in Latin America and South Asia, likely via SQL injection, across multiple industries

Dozens of Windows servers have been hijacked by a Chinese hacking group to boost Google’s rankings for shady gambling websites, experts have found.

Security researchers at ESET have detailed the campaign, dubbed GhostRedirector, which began targeting Windows servers in December 2024 and ultimately compromised at least 65 of them. After breaking into a server, the attackers deployed a variety of tools, including two brand new pieces of malware[1], called Rungan and Gamshen.

Rungan is a classic backdoor, while Gamshen is the one doing the search engine rank boosting. ESET describes it as a malicious Internet Information Services (IIS) trojan, which isn’t malware in the traditional sense, but rather a malicious native IIS module that runs directly within a Windows web server and selectively modifies HTTP responses, but only those served to Google’s web crawler, Googlebot.

South America and South Asia targeted

The goal is to inject either backlinks or SEO[2] content designed to artificially boost the gambling sites in Google search rankings.

What makes this trojan particularly stealthy is that regular visitors are unaffected, so victim sites will typically only spot the intrusion after their SEO rankings plummet or Google flags the site for suspicious behavior.
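Because the tampering only shows up in responses served to Googlebot, a site owner can check for it from the outside by comparing what a browser and what Googlebot receive. The script below is an added example, not ESET’s tooling or code from the article: it fetches the same page under two User-Agents and reports external hosts linked only in the crawler copy. The User-Agent strings, the example.com host and the placeholder casino domain are constructed assumptions.

```python
# Added example: flag Googlebot-only content (SEO cloaking) by fetching the
# same page with two User-Agents and diffing the external hosts it links to.
from html.parser import HTMLParser
from urllib.parse import urlparse
import urllib.request

BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/128.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

class LinkExtractor(HTMLParser):
    """Collect href targets of <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.update(v for k, v in attrs if k == "href" and v)

def external_hosts(html, site_host):
    """Hosts linked from the page other than the site itself; relative links are skipped."""
    parser = LinkExtractor()
    parser.feed(html)
    hosts = {urlparse(href).hostname for href in parser.links}
    return {h.lower() for h in hosts if h and h.lower() != site_host.lower()}

def detect_cloaking(browser_html, crawler_html, site_host):
    """Hosts that only the crawler-facing variant links to (sorted)."""
    return sorted(external_hosts(crawler_html, site_host) - external_hosts(browser_html, site_host))

def fetch_as(url, user_agent, timeout=10):
    """Fetch url with the given User-Agent and return the body as text."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")

def check_url(url):
    """Live check of one URL: browser view versus Googlebot view."""
    host = urlparse(url).hostname
    return detect_cloaking(fetch_as(url, BROWSER_UA), fetch_as(url, GOOGLEBOT_UA), host)

# Constructed sample pair (not captured from a real server): the crawler copy
# carries an injected backlink to a placeholder gambling domain.
SAMPLE_NORMAL = '<html><body><a href="https://example.com/about">About</a></body></html>'
SAMPLE_CLOAKED = SAMPLE_NORMAL.replace(
    "</body>", '<a href="https://casino-placeholder.invalid/">best odds</a></body>')

def demo():
    return detect_cloaking(SAMPLE_NORMAL, SAMPLE_CLOAKED, "example.com")
```

Run `check_url("https://your-site.example/")` against a site you operate; an empty list means both variants link to the same external hosts, while any host returned deserves a look at the installed IIS modules.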

The majority of the infected servers were located in Latin America and South Asia – Brazil, Peru, Thailand, and Vietnam. Compromised servers were also discovered in the United States, but ESET believes the threat actors were primarily targeting South American and South Asian servers.

The hackers also don’t seem to be targeting any particular industry, since the attacks were seen in education, healthcare, insurance, transportation, technology, and retail verticals.

Initial access was probably achieved by exploiting an SQL injection bug, ESET concluded. From there, the attackers used PowerShell to download Windows privilege escalation tools and droppers, and then dropped Rungan and Gamshen for the final stage of the attack.

Via The Register[3]

References

  1. malware (www.techradar.com)
  2. SEO (www.techradar.com)
  3. The Register (www.theregister.com)

By admin