Edward Kiledjian's Threat Intel

How Threat Actors Are Rizzing Up Your AI for Profit www.recordedfuture.com/blog/how-…

AI is reordering search dominance. Conventional wisdom says Google’s traditional search engine is headed for the dustbin, something largely unimaginable even a few years ago. As people (and agents) migrate search habits from Google to LLMs, what happens to referrer monetization models? More importantly for enterprise defenders and risk managers, HOW will traffers and malicious Traffic Distribution Systems (TDS) adapt?

Recorded Future’s Insikt Group recently reported on TAG-124, which operates a TDS designed to redirect unsuspecting web browsers to malicious destinations for malware/ransomware installation, cryptocurrency theft, and more. SocGholish malware, also known as FakeUpdates, employs TDS such as Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to malicious sites. Additional criminal TDS include Help TDS, Los Pollos TDS, and more. The range of TDS options and branding is an important reminder that threat actors (TAs) have choices when investing in traffic demand generation. That choice drives competition and gives operators in this malicious services niche an incentive to be the first mover toward LLMs.