News Karnataka
Sunday, November 27 2022
Science & Technology

Hackers lure users, install malware via Google Search

Photo Credit :

New Delhi: Cyber security researchers have found a new malware that is tricking Google into treating hacked websites as trustworthy sources and presenting innocent users with apparently “perfect matches” to their search queries on the platform.

The hackers are using the malware dubbed as “Gootloader to lure “well-meaning users” into installing the malware on their devices, putting them at ransomeware risk, according to the report by Naked Security, which is global cyber security firm Sophos’s threat intelligence unit.

The Gootkit malware family has been around more than half a decade — a mature Trojan with functionality centered around banking credential theft.

However, in recent years, almost as much effort has gone into improvement of its delivery method as has gone into the malware itself.

This is how the modus operandi works.

The hackers break into hundreds of web servers and implant artificially generated content containing phrases that search engines are likely to associate with expertise in a specific field, like real estate, employment law, import/export regulations, company partnerships and more.

“From time to time, the crooks get lucky and one or their hacked sites turns up as a top hit on Google, thanks to a specific search term entered by an innocent user,” the report said.

There’s a good chance that the user will click the Google link that shows up, because the search hit looks like a natural result, given that it’s not a paid ad or a sponsored link.

If the user clicks through to the hacked server, the crooks recognise that the click came via a Google search by using the Referer in the web request.

The server deliberately sends out a fraudulent web page that looks like a message board on which someone else recently asked the same thing.

“To make the page look even more convincing, there’s a further reply, apparently from the original questioner, thanking the administrator for their prompt and helpful answer,” the report mentioned.

Google was yet to react to the Sophos report.

SophosLabs encountered Gootloader’s fake message board pages in a variety of different languages, including English, German, French and Korean, with different campaigns targeted at different regions.

“This search poisoning trick works because the website you visit seems to fit your search perfectly, which feels like too much of a coincidence for a crook to have anticipated it in advance,” said the researchers.

Share this:
Support NewsKarnataka's quality independent journalism with a small contribution.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Leave a Reply

Your email address will not be published. Required fields are marked *

Visit 7Jackpots and find the best online casinos in India! Play the most popular casino games for real money!

Find the best odds at 10Cric and ipl betting 2021! Signup today and get up to a 100% deposit bonus.

To get the latest news on WhatsApp