InfoSecBulletin Cybersecurity for mankind
Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected to dubious sites promoting rummy and other investment games.
Analysts at CloudSEK have found that threat actors are using black hat Search Engine Poisoning to promote Rummy and investment websites to unsuspecting users. They are targeting sites with .gov.in and .ac.in domains, employing keyword stuffing related to well-known Indian financial brands. Over 150 government portals, mainly from state governments, have been impacted.
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks
What is Search Engine Poisoning?
Search engine poisoning refers to malicious practices aimed at manipulating search engine results to promote harmful or deceptive content. These tactics are typically employed by cybercriminals to redirect users to fraudulent websites, distribute malware, or launch phishing attacks. Techniques in play are Referrer Header Manipulation, Cloaking, Keyword Stuffing, Backlinking, Underlying system Vulnerabilities.
Threat actors injected malicious JavaScript into vulnerable government websites, including state portals, to manipulate search engine rankings. The script redirects mobile users from search engines like Google to gambling sites, while showing error pages to desktop users to avoid detection.
One compromised Kerala government webpage, for instance, was altered to include hidden keywords like “instant personal loans” and “low-interest credit cards” tied to major Indian banks.
Analysts found over 12,000 spam pages leveraging .shtml and .aspx file uploads on government servers, with content mirroring Indonesian casino templates to bypass regional filters.
Users searching for legitimate financial services are funneled to pages promoting rummy games disguised as “investment opportunities”.
Since January 2025, Google has removed 2,300 malicious pages, but ephemeral domains and encrypted traffic remain challenges. With annual losses over ₹200 crore, this issue underscores the urgent need for better defenses in India’s digital governance.
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
