Atos TRC uncovered a March 2026 EtherRAT campaign that uses SEO poisoning, fake GitHub facades, and Ethereum-based C2 to target enterprise admins and other high-privilege IT users. The operation is built for resilience: a clean-looking “storefront” repository lures victims first, then redirects them to a second repository that delivers the malicious MSI payload. Weaponize SEO […] The post Hackers Weaponize SEO and Fake GitHub Repos In EtherRAT Admin Assault appeared first on Cyber Security News.