
New China-Aligned Crew Poisons Windows Servers for SEO Fraud

GhostRedirector exploited SQL injection vulnerabilities to install custom malware on at least 65 Windows servers globally, manipulating Google search rankings to promote gambling sites, ESET reported.

  • Over the past year, ESET Research identified GhostRedirector, which compromised at least 65 Windows servers mainly in Brazil, Thailand, Vietnam, and the United States.
  • By exploiting probable SQL injection flaws, GhostRedirector uses PowerShell to download tools from staging server 868idcom, deploying Rungan, Gamshen, EfsPotato, and BadPotato exploits.
  • Technical analysis shows that the Gamshen IIS module alters responses only for Googlebot, creating artificial backlinks to boost target sites; "The response is modified based on data requested dynamically from Gamshen's C&C server," Fernando Tavella, ESET researcher, wrote.
  • ESET has informed affected organizations and is monitoring; compromises spanned the education, healthcare, insurance, transportation, technology, and retail sectors, mainly in South America and South Asia.
  • Analysts note attribution indicators pointing to China-aligned origins with medium confidence, referencing Shenzhen Diyuan Technology Co., Ltd. and similar IIS-based campaigns like IISerpent and DragonRank active from August 2024 to June scan.
Insights by Ground AI

13 Articles

Center

A new threat actor related to China and known as GhostRedirector has poisoned Google's search engine, in addition to infecting Windows servers.

·Madrid, Spain

ESET identified at least 65 compromised Windows servers, mainly in Brazil and Peru, in a campaign that seeks to manipulate Google's search results to position malicious sites. The research team of ESET, a proactive threat detection company, discovered a new malicious actor aligned with China, which has been named GhostRedirector. In June 2025, this malicious actor compromised at least 65 Windows servers, mainly in Brazil, Peru, Thailan…

ESET identifies at least 65 compromised Windows servers, mainly in Brazil and Peru, in a campaign that seeks to manipulate Google's search results to position malicious sites.


Bias Distribution

  • 100% of the sources are Center

Globe Newswire broke the news on Thursday, September 4, 2025.