Hackers use Blogger platform and fake websites to distribute spyware affecting users across multiple countries and languages.
Security researchers at Kaspersky have uncovered a sophisticated operation where criminals are exploiting Google's Blogger platform—a legitimate, trusted service—to deliver harmful software to unsuspecting computer users around the world. The attackers are casting a wide net, targeting people across different nations and languages, suggesting this isn't a random attack but rather a carefully planned, coordinated campaign.
The scheme works like a chain of delivery trucks, each passing a package to the next. First, thieves create fake websites that look legitimate, tricking users into downloading what appear to be innocent installation files. Inside these downloads, however, lies dangerous code. Once executed, this malicious software can establish hidden remote access to your computer—essentially handing the keys to criminals. From there, they deploy additional tools designed to steal sensitive information like passwords, financial data, and personal details.
What makes this particularly concerning is the use of well-known tools. The attackers are weaponizing ScreenConnect, a remote access program that businesses legitimately use for tech support, transforming it into an entry point for even more dangerous malware called AsyncRAT. Think of it like criminals using a taxi service to deliver contraband—the taxi itself is legal and trusted, but the contents are criminal.
This operation reveals how sophisticated modern cybercriminals have become. They're not just writing malware anymore; they're orchestrating multi-layered campaigns that abuse legitimate services and platforms. By using Blogger—owned by Google and trusted by millions—they gain credibility that helps their schemes succeed. When someone sees a file hosted on what appears to be a standard website, they're far less likely to question it.
The scale is also alarming. Kaspersky describes this as a "massive" operation spanning multiple countries and languages. This suggests the criminal group has resources, organization, and likely previous successes that funded their operations. They're not small-time operators; they're running what amounts to a criminal business.
Campaigns like this typically don't disappear overnight; they evolve. Criminals will likely adjust their methods as security researchers publish findings. This is an ongoing battle between protection and exploitation, and staying informed and cautious remains your strongest defense against becoming a victim.
The best protection is a combination of healthy skepticism, software diligence, and strong security practices applied consistently.