
A new malware campaign is using SEO poisoning to lure victims into downloading malicious fake versions of common apps. As reported by Cybernews, hackers are putting malware into fake apps that mimic popular legitimate ones like Signal, WhatsApp and Chrome in order to trick victims into downloading the malicious versions instead.
FortiGuard Labs researchers have identified this new attack, which both tricks users and games search algorithms by using SEO plugins and registered lookalike domains to get to the top of search results. Once victims are on a fake website, they're fooled into downloading a trojanized installer for one of many commonly searched-for apps like Telegram, DeepL, Line or others.
The mimicked websites are able to deliver malware from several known families, but those that have been reported include HiddenGh0st and a new Winos variant. Malicious components are bundled into the installer packages, which also appear to download the real applications. After launch, malicious DLLs are dropped as well, along with hidden directories, administrator privileges and functions that help the malicious code evade detection.
From there, attackers can easily collect information about the device and the victim, log keystrokes and clipboard contents, load plugins for surveillance and control, enumerate any antivirus and security tools, and capture screen activity. The plugins that the malware can deliver also suggest that the hackers behind the attack may be able to intercept app communications from Telegram.
How to stay safe from fake sites in search results

According to FortiGuard Labs' report, this new campaign mainly targets Chinese-speaking users. Still, SEO poisoning is a serious problem because it pushes fake sites to the top of search rankings, so even careful internet users can be tricked if they're not vigilant. Similar campaigns in the past have exploited top company names like PayPal, Apple, Bank of America, Netflix and Microsoft and led victims to fake sites where they were prompted to download malware. Cybercriminals have even purchased sponsored ads in order to pretend to be major brands.
To stay safe, be vigilant: Hover your mouse over the top search results to make sure the links don't contain any misspellings or odd characters. Look for any mismatches between what the result should be and where the URL actually leads. Always be suspicious of any site that promises free downloads or anything that sounds too good to be true. Likewise, if you already know a company's website, enter it manually in your web browser.
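For readers who manage a proxy or download filter, the same hover-and-compare check can be automated. The sketch below is an added example, not code from FortiGuard Labs or Cybernews; the allowlist of official domains and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: official sites for apps named in the article.
OFFICIAL = ("signal.org", "whatsapp.com", "telegram.org",
            "deepl.com", "line.me", "google.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Label a download URL by how its hostname relates to the allowlist."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    labels = host.split(".")
    # "Odd characters": homoglyph domains appear as non-ASCII or xn-- labels.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "punycode-or-non-ascii"
    # Simplification: treat the last two labels as the registered domain.
    # A production filter would consult the Public Suffix List instead.
    domain = ".".join(labels[-2:])
    if domain in OFFICIAL:
        return "official"
    # "Misspellings": one or two edits away from an official domain.
    if any(edit_distance(domain, o) <= 2 for o in OFFICIAL):
        return "lookalike"
    # "Mismatch": a brand name used as a label of an unrelated domain.
    tokens = set(re.split(r"[.-]", host))
    if any(o.split(".")[0] in tokens for o in OFFICIAL):
        return "brand-in-hostname"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs, not indicators from the reported campaign.
    for u in ("https://www.whatsapp.com/download",
              "https://telegrarn.org/setup.exe",
              "https://deepl.com.download-app.example/",
              "https://xn--telegrm-constructed.org/"):
        print(f"{classify(u):22} {u}")
```

A result of `unknown` only means no rule fired; it is not a verdict that the site is safe.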
And to ensure safe online practices, make sure you're protected by one of the best antivirus software solutions and that it's kept up to date; also know how to use all its extra features, like a VPN or hardened browser.
SEO poisoning is nothing new, and if there's a chance to game the algorithm to reach the top spot in search engines, hackers are going to take it. That's why it's up to you to be extra careful online when downloading new apps or software. When in doubt, just head right to an official app store instead of trying to download new programs the old-fashioned way.