Security News > 2022 > November > 15,000 sites hacked for massive Google SEO poisoning campaign
Hackers are conducting a massive black hat search engine optimization campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress.
The campaign likely primes these sites for future use as malware droppers or phishing sites, as even a short-term operation on the first page of Google Search, would result in many infections.
Browsers will not be sent an image from this URL but will instead have JavaScript loaded that redirects users to a Google search click URL that redirects users to the promoted Q&A site.
Using a Google search click URL is likely to increase performance metrics on the URLs in the Google Index to make it appear as if the sites are popular, hoping to increase their ranking in the search results.
As all of the sites use similar website-building templates, and all appear to have been generated by automated tools, it is likely they all belong to the same threat actors.