Hackers manage to place their fraud sites at the top of Google’s search results.
Sophos cybersecurity researchers have just discovered a new and highly advanced malware delivery mechanism. It is based on Gootkit, a malware family that is several years old and has evolved to let fraudulent sites be placed at the top of Google’s search results and thus infect many devices.
This new delivery mechanism, called Gootloader, uses harmful SEO techniques to infiltrate Google search results. « How they accomplished this task deserves some debate, as they focus on technology as much as they focus on human psychology », the researchers report.
But the seriousness of the Gootloader campaign isn’t just based on the fact that it has managed to push its sites up the search results. The promoted sites can adapt to the searches that internet users make, so that they display the exact answer to the user’s question.
Targets will naturally click on the link displayed in the first or second position. Unfortunately, this can lead to the malware download link being hidden. In other cases, the link points to a discussion thread in a perfectly legitimate forum. There, the user finds the answer to their problem in a message from a so-called administrator confirming that the solution is in their download link. Obviously, again, this is malware.
« When someone types a question into a search engine like Google, the hacked websites appear among the best results. To ensure that targets are captured from the correct geographical areas [United States, France, Germany, South Korea], opponents “quickly” rewrite the website code so that site visitors who do not belong to the requested countries see harmless web content, while those in the right place see a page with a discussion or a bogus forum about the topic they inquired about. The fake sites are visually identical, whether they are in English, German, or Korean », the researchers explain in detail, indicating the complexity of the campaign.
Once the target downloads the malware, it runs in the shadows. Depending on the region, Gootloader downloads different viruses: ransomware, Trojans, financial malware, etc.
« Fortunately, there are some warning signs internet users can look out for. These include Google search results that link to websites of companies that do not have a logical connection to the advice they appear to be providing; tips that closely match the search terms used in the original question », the researchers explain again. Search results that only show a download link with terms that exactly match the search are also questionable.
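As an added illustration (not code from Sophos or from this article), the following Python checks two of the signs described above on HTML that has already been fetched: a link whose text repeats every search term, and one URL returning mostly different content depending on where it was fetched from. The function names, the vantage-point labels, the 0.5 overlap threshold and the sample pages are all assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser
from itertools import combinations

def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

class PageText(HTMLParser):
    """Collects text words and (href, anchor text) pairs from one page."""
    def __init__(self):
        super().__init__()
        self.words, self.links, self._href, self._anchor = set(), [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.words |= tokens(data)
        if self._href is not None:
            self._anchor.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._anchor)))
            self._href = None

def review(query, variants, min_overlap=0.5):
    """variants maps a vantage-point label to the HTML fetched from there."""
    pages, findings, terms = {}, [], tokens(query)
    for label, html in variants.items():
        pages[label] = page = PageText()
        page.feed(html)
        for href, anchor in page.links:
            # Warning sign: the link text repeats every search term.
            if terms and terms <= tokens(anchor):
                findings.append(("query_echo_link", label, href))
    for a, b in combinations(pages, 2):
        union = pages[a].words | pages[b].words
        shared = pages[a].words & pages[b].words
        # Same URL, mostly different words depending on where it was fetched.
        if union and len(shared) / len(union) < min_overlap:
            findings.append(("content_differs_by_vantage", a, b))
    return findings

# Constructed sample: one URL as fetched from two hypothetical vantage points.
SAMPLE = {
    "vantage_a": "<h1>Garden centre</h1><p>Opening hours and plant care tips.</p>",
    "vantage_b": "<h1>Forum</h1><p>Admin: here is a direct download link.</p>"
                 '<a href="/download?id=PLACEHOLDER">Sample tenancy agreement template</a>',
}
FINDINGS = review("sample tenancy agreement template", SAMPLE)
```

A finding is a reason to look closer, not a verdict: legitimate sites also localise content, and the threshold needs tuning against pages known to be benign.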