HomesecurityGoogle Alerts remains a "hotbed" for fraud and malware distribution!

Google Alerts remains a "hotbed" for fraud and malware distribution!

Google Alerts remains a hotbed of fraud and malware, as malicious agents increasingly abuse the service, targeting promotion of malicious websites. While Google Alerts has been abused for a long time, BleepingComputer has noticed significant increase in malicious activity in the last two weeks.

For example, the BleepingComputer team used Google Alerts for monitoring of various terms related cyber attacks, security incidents, malware and more. In one particular Google Alert, almost every new article posted by the service on April 19 led to fraud or malware, with two such cases being listed below.

Google Alerts
Google Alerts remains a "hotbed" for fraud and malware distribution!

Read also: Hackers promote fake Adobe Flash updater through Google Alerts!

When you open these notifications, instead of being redirected to a legitimate website, you are redirected through a number of sites until you reach promoting malware, adult fake sites, fake dating apps, adult games, giveaway scams and lotteries, as well as unwanted extensions browser.

Google Alerts "home" for scams and malware distribution
Google Alerts remains a "hotbed" for fraud and malware distribution!

Unfortunately, even if you set Google's service to show you the best results, fraud alerts often "slip" only to be detected when you open them.

See also: Google: How to find what information it collects and how to delete it?

How do Google Alerts scams work?
To trick Google into believing that they are legitimate sites and not scams, malicious agents use a black hat Search Engine Optimization (SEO) called «Cloaking».

Cloaking is when a site displays different content to visitors than search engine spiders. Cloaking allows the site to look like plain text or a standard blog post when Google search engine spiders visit the page, but performs malicious redirects when a user visits the site from a Google redirect.

For example, if you or the spider Googlebot visit the website directly, the site will display one text wall with high keyword density for the terms they are trying to rank. Below, you can see that malicious agents use a lot of keywords related to cybersecurity, to target well in this category.

example of fraud
Google Alerts remains a "hotbed" for fraud and malware distribution!

However, when a user accesses the site via a Google Alert URL, they will be redirected to malicious sites that promote malware or scams.

Proposal: Google search: Black Hat SEO attacks lead to malicious and pornographic content

example of malicious download
Google Alerts remains a "hotbed" for fraud and malware distribution!

For example, when opening one of the Google Alerts links in Firefox, the link led the BleepingComputer team to a software promotion page called YoutubeToMP3, which has 24/69 VirusTotal scans. After installing the malware, one headless Chromium browser starts in the background performing suspicious activity while using 27% of the CPU.

example of a malicious program
Google Alerts remains a "hotbed" for fraud and malware distribution!

As Google never redirects to malicious websites, the webpage is added to the search index and a Google Alert is disabled for anyone who monitors these keywords. Those who receive the notification will not know that the URL is malicious until they visit the site or until their installed antivirus blocks that URL.

Source of information: bleepingcomputer.com

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.
spot_img

LIVE NEWS