Cybercriminals using Google Search as the latest trick to snare unsuspecting victims for malware attacks (March 2021)
It was only a matter of time before cybercriminals turned their attention to one of the most common activities on the internet: a Google search.
The latest trick is using long-tail search terms and legitimate websites to deliver the Gootkit remote access trojan.
This latest iteration of the Gootkit RAT uses "malicious search engine optimization techniques to squirm into Google search results," as Sophos analysts describe it in a blog post.
The Sophos research found that bad actors are not targeting other search engines as frequently or as successfully.
Gaurav Banga, founder and CEO of cybersecurity company Balbix, said that with the recent Gootloader malware, bad actors are "SEO poisoning": they compromise legitimate, highly trafficked websites by accessing the site back end, edit content to improve SEO, and add discreetly named ZIP files containing the malware, which website visitors then download. "The easiest way to deploy SEO malware is through an admin user's compromised system," he said.
A reply to the query includes a direct download link to a ZIP archive file with a filename that matches the search query.