Express Computer

Hackers lure users, install malware via Google Search


Cyber security researchers have found a new malware that is tricking Google into treating hacked websites as trustworthy sources and presenting innocent users with apparently “perfect matches” to their search queries on the platform.

The hackers are using the malware, dubbed “Gootloader”, to lure “well-meaning users” into installing the malware on their devices, putting them at ransomware risk, according to the report by Naked Security, which is global cyber security firm Sophos’s threat intelligence unit.

The Gootkit malware family has been around for more than half a decade — a mature Trojan with functionality centered around banking credential theft.

However, in recent years, almost as much effort has gone into improvement of its delivery method as has gone into the malware itself.

This is how the modus operandi works.

The hackers break into hundreds of web servers and implant artificially generated content containing phrases that search engines are likely to associate with expertise in a specific field, like real estate, employment law, import/export regulations, company partnerships and more.

“From time to time, the crooks get lucky and one of their hacked sites turns up as a top hit on Google, thanks to a specific search term entered by an innocent user,” the report said.

There’s a good chance that the user will click the Google link that shows up, because the search hit looks like a natural result, given that it’s not a paid ad or a sponsored link.

If the user clicks through to the hacked server, the crooks recognise that the click came via a Google search by checking the Referer header in the web request.

The server deliberately sends out a fraudulent web page that looks like a message board on which someone else recently asked the same thing.

“To make the page look even more convincing, there’s a further reply, apparently from the original questioner, thanking the administrator for their prompt and helpful answer,” the report mentioned.
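For a site owner checking their own server for the Referer-dependent behaviour described above, the following added example (not from the Sophos report or this article) compares the visible text served with and without a search-engine Referer. The `fetch` callable, the 0.6 threshold and the two sample pages are assumptions constructed for illustration.

```python
import difflib
import re
from html.parser import HTMLParser

class _TextExtractor(HTMLParser):
    """Collects visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def visible_text(html):
    p = _TextExtractor()
    p.feed(html)
    p.close()
    return re.sub(r"\s+", " ", " ".join(p.parts)).strip().lower()

def referer_cloaking_score(fetch, url, search_referer="https://www.google.com/"):
    """Similarity (0..1) of the page served with and without a search Referer."""
    direct = visible_text(fetch(url, {}))
    via_search = visible_text(fetch(url, {"Referer": search_referer}))
    m = difflib.SequenceMatcher(None, direct.split(), via_search.split(), autojunk=False)
    return m.ratio()

def is_cloaked(fetch, url, threshold=0.6):
    # Threshold is an assumption; dynamic sites need tuning to avoid false positives.
    return referer_cloaking_score(fetch, url) < threshold

# Constructed sample pages standing in for real HTTP responses.
_NORMAL = "<html><body><h1>Acme Plumbing</h1><p>Call us for repairs and installations in your area.</p></body></html>"
_FORUM = "<html><body><h1>Forum</h1><p>Question: do I need a partnership agreement template?</p><p>Admin: here is what you need.</p><p>Thanks, that was prompt and helpful!</p></body></html>"

def sample_fetch_compromised(url, headers):  # hypothetical stand-in for an HTTP client
    return _FORUM if "google." in headers.get("Referer", "") else _NORMAL

def sample_fetch_clean(url, headers):  # hypothetical stand-in for an HTTP client
    return _NORMAL

if __name__ == "__main__":
    print(is_cloaked(sample_fetch_compromised, "https://example.test/page"))
    print(is_cloaked(sample_fetch_clean, "https://example.test/page"))
```

In real use, `fetch` would wrap an HTTP client pointed at pages on a server you operate, and a low score is a prompt to inspect the server for injected content, not proof of compromise.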

Google was yet to react to the Sophos report.

SophosLabs encountered Gootloader’s fake message board pages in a variety of different languages, including English, German, French and Korean, with different campaigns targeted at different regions.

“This search poisoning trick works because the website you visit seems to fit your search perfectly, which feels like too much of a coincidence for a crook to have anticipated it in advance,” said the researchers.

–IANS
