Security experts are warning about another Google search query that has been SEO-poisoned. This means that searching for a certain phrase or term returns links that lead to Windows malware.
The news comes from a report published by cybersecurity giant Sophos. It details how fake forum sites appear near the top of the search results when you look for something such as ‘Are cats legal in Australia?’ Clicking on one of these results triggers the download of a zip file containing malware.
The malicious file is presented on the web page through fake admin posts.
The malware is the latest version of GootLoader, which is used to deliver ransomware to a victim’s machine. The same is the case for banking trojans. It combines Scheduled Tasks with PowerShell and JavaScript files to infect PCs.
The files contain a lot of obfuscated code and fake licensing data. This adds a very realistic touch that those who aren’t tech-savvy will not detect. The JavaScript also claims to come from Microsoft software, but that’s not true.
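Detection logic for the chain described above, as an added example that is not from the Sophos report or the original article: it flags a host where a script host runs a .js file from a user-writable path and both scheduled-task creation and PowerShell follow shortly after. The event field names, path patterns, ten-minute window and sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: a .js run from Downloads or a temp (ZIP extraction) folder is suspect.
USER_JS = re.compile(r"\\(downloads|appdata\\local\\temp)\\.*\.js\b", re.I)
TASK_CREATE = re.compile(r"schtasks(\.exe)?\b.*/create|register-scheduledtask", re.I)

def stage(ev):
    """Map one process-creation event to a chain stage, or None."""
    image, cmd = ev["image"].lower(), ev["cmdline"]
    if image in SCRIPT_HOSTS and USER_JS.search(cmd):
        return "js"
    if TASK_CREATE.search(cmd):
        return "task"
    if image in {"powershell.exe", "pwsh.exe"}:
        return "powershell"
    return None

def detect(events, window=timedelta(minutes=10)):
    """Return {host: stages} for a user-path .js run followed by task + PowerShell."""
    by_host, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host.setdefault(ev["host"], []).append(ev)
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            if stage(first) != "js":
                continue
            start, seen = datetime.fromisoformat(first["ts"]), ["js"]
            for later in evs[i + 1:]:
                if datetime.fromisoformat(later["ts"]) - start > window:
                    break  # events are time-sorted, nothing later can qualify
                s = stage(later)
                if s in ("task", "powershell") and s not in seen:
                    seen.append(s)
            if len(seen) == 3:  # all three stages observed on this host
                alerts[host] = seen
                break
    return alerts

# Constructed sample events: hosts, paths and task names are invented.
ROWS = [
    ("2024-01-01T10:00:05", "PC-01", "wscript.exe", r'wscript.exe "C:\Users\a\AppData\Local\Temp\Temp1_forum.zip\faq.js"'),
    ("2024-01-01T10:00:20", "PC-01", "schtasks.exe", "schtasks.exe /create /sc onlogon /tn ConstructedTask /tr constructed.js"),
    ("2024-01-01T10:01:00", "PC-01", "powershell.exe", "powershell.exe -NoProfile -File constructed.ps1"),
    ("2024-01-01T10:02:00", "PC-02", "wscript.exe", r'wscript.exe "C:\Program Files\Vendor\update.js"'),
]
EVENTS = [dict(zip(("ts", "host", "image", "cmdline"), r)) for r in ROWS]
```

Calling `detect(EVENTS)` reports only PC-01; the script on PC-02 runs from an installed-software path and is not treated as the first stage.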
Various versions of the malware have been around for years and keep infecting PCs via SEO poisoning. GootKit has been present for nearly 10 years. Older versions used to exploit JavaScript to carry out the attacks.
They prep the computers for the Cobalt Strike malware payload and ransomware. This is clear proof that a site appearing near the top of Google’s search results should not be assumed safe. It could be malicious and filled with malware in the form of ads.
These not only track users but also trick them into clicking or downloading something that is not what it claims to be. Take, for example, the popular DeerStealer malware, which was disguised among verified Google ads for fake authenticator applications, as reported by various top security companies.