Researchers have spotted two campaigns linked to either the REvil ransomware gang or the SolarMarker backdoor that use SEO poisoning to serve payloads to targets. The actors inject sites with keywords that cover over 2,000 unique search terms, including “sports mental toughness,” “industrial hygiene walk-through,” “five levels of professional development evaluation,” and more. The optimized sites appear in search results as PDFs that, when visited, prompt a user to download the document. When they click on the download button, the users are redirected through a series of sites that ultimately drop a malicious payload.”]