Iranian cybercriminals have updated their tools with V2 versions of the MiniFast and MiniJunk malware. These variants are distributed through phishing campaigns and SEO poisoning, a technique that manipulates search results to redirect users to dangerous sites. The goal is clear: infect systems with malware that is now harder to detect and remove.
Technical improvements in malware evasion and persistence 🛡️
The V2 versions of MiniFast and MiniJunk incorporate advanced code obfuscation techniques and encrypted communication with command and control servers. Additionally, they employ more robust persistence mechanisms, such as modifying registry keys and creating scheduled tasks that reactivate after a reboot. This allows them to evade traditional antivirus solutions and remain active for longer periods on the infected system, facilitating data theft or remote control of the device.
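The two persistence routes named above (autorun registry values and scheduled tasks that fire after a reboot) leave traces a defender can triage. The following is an added example, not code from the original article or from any vendor report: a heuristic filter over simplified, constructed event records that assumes Sysmon registry (ID 13) and process-creation (ID 1) events plus Windows Security event 4698 are being collected. The key names, paths and task names in the sample data are invented for illustration and are not indicators for MiniFast or MiniJunk.

```python
import re

# Autorun keys that relaunch a program at logon (HKLM and per-user hives).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# User-writable locations; an autorun pointing here deserves a closer look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
# schtasks.exe creating a task, and the schedule types that survive a reboot.
SCHTASKS_CREATE = re.compile(r"schtasks(\.exe)?\b.*?/create\b", re.I)
BOOT_OR_LOGON = re.compile(r"/sc\s+(onstart|onlogon)\b", re.I)
TRIGGER_XML = re.compile(r"<(BootTrigger|LogonTrigger)\b", re.I)

def flag_persistence(events):
    """Return (index, reason) for events matching a reboot-persistence pattern."""
    hits = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 13:  # Sysmon: registry value set
            if (RUN_KEY.search(ev.get("TargetObject", ""))
                    and USER_WRITABLE.search(ev.get("Details", ""))):
                hits.append((i, "autorun value points to user-writable path"))
        elif eid == 1:  # Sysmon: process creation
            cmd = ev.get("CommandLine", "")
            if SCHTASKS_CREATE.search(cmd) and BOOT_OR_LOGON.search(cmd):
                hits.append((i, "scheduled task created with boot/logon trigger"))
        elif eid == 4698:  # Security log: a scheduled task was created
            if TRIGGER_XML.search(ev.get("TaskContent", "")):
                hits.append((i, "task XML registers boot/logon trigger"))
    return hits

# Constructed sample events (simplified to the fields the rules read).
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\updater\upd.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 1,
     "CommandLine": r'schtasks.exe /create /tn "Sync" /tr C:\ProgramData\sync.exe /sc onlogon /f'},
    {"EventID": 1, "CommandLine": r"schtasks.exe /query /fo LIST"},
    {"EventID": 4698,
     "TaskContent": "<Task><Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers></Task>"},
]

if __name__ == "__main__":
    for idx, reason in flag_persistence(SAMPLE_EVENTS):
        print(idx, reason)
```

These rules are a triage heuristic: legitimate software also registers autoruns and logon tasks, so hits should be reviewed against a baseline of known-good entries rather than treated as confirmed infections.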
When SEO leads you to digital ruin 😈
Now it turns out that even Google can be your worst enemy if you search for travel deals. Attackers have managed to get their malicious pages to appear in the top results, so if you were looking for a cheap flight, you could end up with a direct ticket to a botnet. Of course, at least the phishing comes with the thrill of not knowing whether you're buying a ticket or giving away your passwords.