Cybersecurity analysts have warned that hackers use a method named “SEO poisoning” to entice people into visiting sites infected with malware and granting them computer access.
A six-word phrase could allow hackers to carry out a sophisticated attack on people’s computers, cybersecurity experts have warned.
People around the world have recently been targeted by a host of new scams attempting to steal money from society’s most vulnerable, with Britons falling for exploitative texts and emails. With Oasis tickets, parcel deliveries and livestreams being used as vehicles to steal, cybersecurity experts have warned about an all-new method being implemented by hackers.
Sophos, a US-based cybersecurity network, has warned that would-be hackers are using sophisticated tools to hijack people who make specific Google searches. Typing a six-word expression into the world’s most popular search engine could place internet users at particular risk. The network has said that hackers are targeting people who search the phrase: “Are Bengal Cats legal in Australia?” While the question isn’t one likely to be used outside Australia or exotic pet circles, it is reportedly one that, when typed and searched, leads people to malicious links containing malware.
Hackers use malware – software that is specifically designed to harm computers, networks and devices – to steal people’s information and even take control of their devices. There are multiple different types of malware, including viruses, worms, ransomware – which holds people’s information and blocks their computers until they pay – bots, trojan horses and more.
Sophos revealed the unusual attack method in a recent blog post in which engineers said that people are “enticed” into clicking on adware or links that might otherwise seem legitimate. They wrote: “Victims are often enticed into clicking on malicious adware or links disguised as legitimate marketing, or in this case a legitimate Google search.”
The firm’s example was meant not to protect the legions of cat-loving internet users but to investigate how one particular type of malware was being used by hackers. Gootloader, although now a decade old, has seen extensive usage by bad actors, including Russian ransomware troupe REvil.
According to Red Canary threat analysis, Gootloader is JavaScript-based and uses SEO poisoning – a method that increases the prominence of a dangerous website in search results – to lure victims into downloading a ZIP document posing as something for which the user was looking. The organisation explained that Gootloader attacks happened after people accessed compromised, prominent sites.
Analysts wrote: “While we observed Gootloader detections in customer environments across multiple sectors in 2022, they almost always happened after victims accessed compromised websites that claimed to offer information on contracts or other legal or financial documents.”
Red Canary added that victims of these attacks were directed to the sites after searching queries in common search engines, with their queries including the words “agreement”, “contract”, and names of financial institutions. The analysts concluded that the malware is “a threat to all organisations” and is often used opportunistically, rather than to target specific industries or organisations.
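
A triage check a defender could run on downloaded ZIP files, built only on the traits reported above: a JavaScript file delivered in a ZIP that is named after what the user searched for, and the query words “agreement” and “contract”. This is an added example, not code from Sophos or Red Canary; the function names, verdict labels and sample archive are constructed for illustration.

```python
import io
import re
import zipfile

LURE_WORDS = {"agreement", "contract"}   # query terms quoted in the article
SCRIPT_EXTS = (".js",)                   # Gootloader is JavaScript-based

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def words(text):
    """Lower-case words of four or more letters."""
    return set(re.findall(r"[a-z]{4,}", text.lower()))

def triage_zip(data, query=""):
    """Return (verdict, reasons) for a downloaded ZIP, given the search query
    that led to it when proxy or browser history makes that available."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return "unreadable", ["not a valid ZIP archive"]
    scripts = [n for n in names if n.lower().endswith(SCRIPT_EXTS)]
    if not scripts:
        return "ok", []
    reasons = ["contains script: " + s for s in scripts]
    only_scripts = len(scripts) == len(names)
    if only_scripts:
        reasons.append("archive holds nothing but scripts")
    lure_hit = False
    for s in scripts:
        # A script whose name echoes the query or a known lure word is the
        # "document the user was looking for" disguise described above.
        hits = words(s) & (LURE_WORDS | words(query))
        if hits:
            lure_hit = True
            reasons.append(f"{s} is named like the searched document: {sorted(hits)}")
    return ("block" if only_scripts or lure_hit else "review"), reasons

if __name__ == "__main__":
    # Constructed sample: inert placeholder bytes, no real malware content.
    lure = make_zip({"are_bengal_cats_legal_in_australia.js": b"// inert"})
    print(triage_zip(lure, "Are Bengal Cats legal in Australia?"))
```

The check reads only the archive listing and never extracts or executes members, so it can sit in a mail or web-download gateway ahead of the user.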