SolarMarker backdoor malware operators are using “SEO poisoning” techniques to deploy the remote access Trojan. They use thousands of PDF documents stuffed with SEO keywords and links that start a chain of redirections eventually leading to the malware. Microsoft says that the SEO poisoning technique is widespread and Microsoft Defender Antivirus has detected and blocked thousands of the hackers’ PDF documents in numerous environments. In April, cybersecurity firm eSentire found hackers had flooded the web with 100,000 malicious pages that promised professionals free business forms but were actually delivering malware.”]
Source: https://www.cuinfosecurity.com/how-seo-poisoning-used-to-deploy-malware-a-16882