Malware Sneaked Through Google with Black Hat SEO

Hackers constantly refine their techniques to attack successfully and achieve their goals. We have many tools that help protect us on the network, and many types of programs that improve our privacy and security in one way or another. However, attackers also find ways to improve. In this article we report on how they use what is known as Black Hat SEO to sneak malware through Google.

Hackers use Black Hat SEO to sneak malware through Google

First of all, we need to explain what Black Hat SEO is. Basically, it consists of techniques designed to deceive search engines. The goal is for them to rank web pages that appear legitimate and safe but are actually sites that contain malware.

In this case, the trick is being used to sneak malware through Google. More specifically, it is information-stealing malware created by Gootkit, a group of cybercriminals behind other attacks such as the delivery of the REvil ransomware. There are many methods they can use to sneak malware in.

Attackers take advantage of hacked WordPress sites and thereby carry out SEO poisoning to display posts with malicious links in Google results.

Keep in mind that Google shows results according to geographic location. This means that the attacks, the SEO poisoning techniques, can focus on a specific area, such as a country.

According to a report by cybersecurity firm Sophos, Gootloader, the information-stealing malware from Gootkit, controls about 400 active servers at any given time, hosting hacked legitimate websites. The report indicates that attackers modify the content management system of those sites to display fake forums or messages to visitors from certain geographic locations.

REvil ransomware, but also other varieties, such as the Kronos Trojan, have been observed to try to sneak in this way.


Malicious file via link

When the victim clicks on a link, they download a ZIP file with a JavaScript file inside. This is the initial method to infect the system. Sophos notes that this is the only stage where a file is written to disk; all other malware is deployed to system memory, so traditional security tools cannot detect it.

It uses different layers to try to evade the antivirus and later connect with the command and control server. We are therefore facing a threat that uses Black Hat SEO to infect the victim's computer without raising suspicion.
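Because the ZIP with the JavaScript file is the one stage that touches disk, it is also where a file-based check can catch the chain. The following is an added example, not code from Sophos or from the original article: it classifies ZIP archives by whether their only contents are script files. The extension list, function names and sample file names are assumptions made for illustration, and the sample archives are constructed with harmless contents.

```python
import io
import zipfile
from pathlib import Path

# Extensions that Windows Script Host or mshta runs on double-click (assumed list).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")

def classify_zip(data: bytes) -> str:
    """Return 'script-only', 'contains-script', 'clean' or 'unreadable'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return "unreadable"
    scripts = [n for n in names if n.lower().endswith(SCRIPT_EXTS)]
    if names and len(scripts) == len(names):
        return "script-only"  # the pattern in the article: a ZIP wrapping just a script
    return "contains-script" if scripts else "clean"

def scan_folder(folder) -> dict:
    """Classify every .zip under a folder, e.g. a user's Downloads directory."""
    return {p.name: classify_zip(p.read_bytes())
            for p in sorted(Path(folder).rglob("*.zip"))}

def make_zip(members: dict) -> bytes:
    """Build a ZIP in memory; used only for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples (harmless contents, hypothetical file names).
SAMPLE_LURE = make_zip({"sample_agreement_template.js": "// placeholder"})
SAMPLE_SITE = make_zip({"index.html": "<p>hi</p>", "app.js": "// placeholder"})
SAMPLE_DOCS = make_zip({"report.pdf": "%PDF-", "notes.txt": "hello"})

if __name__ == "__main__":
    for label, blob in [("lure", SAMPLE_LURE), ("site", SAMPLE_SITE),
                        ("docs", SAMPLE_DOCS)]:
        print(label, classify_zip(blob))
```

A "script-only" verdict is a triage signal rather than proof of malware; archives that mix scripts with other files, such as a web project, are reported separately so they can be reviewed at lower priority.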

It is important that we always keep systems protected, hence the need for a good antivirus. This applies to all types of devices, and there is a wide range of options available.

Likewise, we must keep our systems and any programs we use updated to the latest versions. Sometimes vulnerabilities emerge that attackers can exploit. Patches and updates correct these problems.