A new China-aligned cybercrime crew named GhostRedirector has compromised at least 65 Windows servers worldwide - spotted in a June internet scan - using previously undocumented malware to juice gambling sites' rankings in Google search, according to ESET researchers.

The infections began in December, although other related malware samples indicate the group has been active since at least August 2024, the security firm's threat intel team noted.

GhostRedirector uses a variety of custom tools, including two never-seen-before pieces of malware that the researchers dubbed Rungan, which is a passive C++ backdoor, and Gamshen, a malicious Internet Information Services (IIS) trojan that manipulates Google search results for Search Engine Optimization (SEO) fraud.

The victim sites then show ve

See Full Page