
Storm-2561 Uses SEO Poisoning to Distribute Infostealer Malware via Fake VPN Clients
A malicious campaign attributed to the threat actor Storm-2561 uses SEO poisoning to manipulate search engine results and redirect victims to attacker-controlled websites. These sites distribute fake VPN clients that conceal infostealer malware designed to exfiltrate corporate network credentials. The attack specifically targets users searching for VPN software, relying on deceptive downloads to compromise authentication data. The report provided no specific dates, technical indicators (e.g., hashes, CVE IDs), or geographic targeting details. The primary impact is the theft of login credentials, which poses a risk to organizational security.