Google users could endure disastrous consequences if they type an unusual search request into the site, experts say after research into computer and data hacking
Typing the words “Are Bengal cats legal in Australia” into Google could spell dire consequences for the user, experts have warned.
The search term has been hijacked by cybercriminals to gain access to computers. Hackers have created fake websites which, if clicked on, can download malicious software, known as malware, onto the searcher’s computer.
This malware can steal personal data, financial details and login credentials and also give hackers remote access to a computer. The infected device can also help spread software to others. This so-called “poisoning” of search results was discovered by experts at the cybersecurity company Sophos.
Sean Gallagher, a cybersecurity researcher at the British firm, said: “When you do a Google search and it says ‘there aren’t very many good answers for this’, that’s an opportunity [for hackers]. They can say, ‘OK, I’m going to build a website that appears to answer this question, and I’m going to use it for malicious purposes’.” Mr Gallagher noted, ironically, that Bengal cats were “very dangerous”, adding: “So they’re not very well regarded in Australia.”
The search term being hijacked is very niche, often with only thousands of searches, but an example of the wider technique of “SEO (search engine optimisation) poisoning”. The hackers target these terms as there is less competition to get a top-rated result from a search request.
Sophos, based in Abingdon, Oxfordshire, said SEO poisoning had been around since 2020, but “we’ve seen continued growth in this approach to initial compromise, with several massive campaigns using this technique over the past year”.
Hackers have also tried to hijack searches for popular software like Blender 3D, a graphics software programme, Photoshop, financial trading tools and programmes that give remote access to computers.
To avoid being “poisoned”, check the web address before clicking on a search result. Be suspicious of misspellings or unusual names and of sites that prompt unexpected downloads or request sensitive information. Keep your browser and operating system up to date as the latest version will try to block the latest known gaps exploited by hackers.
