Security News > 2021 > March > Cybercriminals using Google Search as the latest trick to snare unsuspecting victims for malware attacks
It was only a matter of time before cybercriminals turned their attention to one of the most common activities on the internet: a Google search.
The latest trick is using long-tail search terms and legitimate websites to deliver the Gootkit remote access trojan.
This latest iteration of the Gootkit RAT uses "malicious search engine optimization techniques to squirm into Google search results," as Sophos analysts describe it in a blog post.
The Sophos research found that bad actors are not targeting other search engines as frequently or as successfully.
Gaurav Banga, founder and CEO of cybersecurity company Balbix, said that with the recent Gootloader malware, bad actors are "SEO poisoning" by compromising legitimate and highly-trafficked websites by accessing the site back-end, editing content to improve SEO, and adding discreetly named ZIP files containing the malware that website visitors then download. "The easiest way to deploy SEO malware is through an admin user's compromised system," he said.
A reply to the query includes a direct download link to a zip archive file with a filename that matches the search query.
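The filename-matches-query trait described above can be turned into a simple triage check over web proxy or browser download telemetry. The following is an added example, not code from Sophos or the original article; the event layout, the `.example` URLs, the three-token minimum and the 0.8 overlap threshold are all assumptions chosen for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

GOOGLE_HOST = re.compile(r"(www\.)?google\.[a-z]{2,3}(\.[a-z]{2})?")

def _tokens(text):
    """Lower-case alphanumeric word set, ignoring separators such as _ - + ."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def search_query(referrer_chain):
    """Return the q= value of the first Google search URL in the chain, or None."""
    for url in referrer_chain:
        parts = urlparse(url)
        if GOOGLE_HOST.fullmatch(parts.hostname or "") and parts.path == "/search":
            q = parse_qs(parts.query).get("q")
            if q:
                return q[0]
    return None

def filename_matches_query(download_url, query, threshold=0.8):
    """True when a ZIP's filename reuses most words of a long-tail search query."""
    name = unquote(urlparse(download_url).path.rsplit("/", 1)[-1])
    if not name.lower().endswith(".zip"):
        return False
    query_tokens = _tokens(query)
    if len(query_tokens) < 3:      # assumption: short queries are too noisy to score
        return False
    overlap = len(query_tokens & _tokens(name[:-4])) / len(query_tokens)
    return overlap >= threshold

def flag_downloads(events):
    """Return download URLs whose ZIP filename mirrors the preceding search."""
    flagged = []
    for event in events:
        query = search_query(event["referrers"])
        if query and filename_matches_query(event["download"], query):
            flagged.append(event["download"])
    return flagged

# Constructed sample events (hypothetical hosts and filenames).
SAMPLE_EVENTS = [
    {"referrers": ["https://www.google.com/search?q=sample+vendor+service+agreement+template",
                   "https://legit-site.example/forum/thread"],
     "download": "https://legit-site.example/dl/sample_vendor_service_agreement_template.zip"},
    {"referrers": ["https://www.google.com/search?q=python+requests+library+source+code"],
     "download": "https://mirror.example/files/requests-2.31.0.zip"},
    {"referrers": ["https://intranet.example/tools"],
     "download": "https://intranet.example/tools/quarterly_report_template_pack.zip"},
]
```

A hit is a lead for review, not a verdict: legitimate sites also name archives after their content, so pair it with inspection of what the ZIP contains.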