Connect with us

Hi, what are you looking for?

HEADLINES

Sophos uncovers Gootloader’s SEO manipulation, hacked website campaign that targets business users

Gootloader uses SEO optimization and social engineering, a combination that is not commonly seen in malware delivery. The usually recommended safety instructions to overcome common threats are not sufficient here. Organizations need to understand how this type of attack works, as outlined in the Sophos research, to be able to recognize it and be ready and able to defend against it.

Sophos, a global leader in next-generation cybersecurity, published research earlier this year on how the operators behind the “Gootloader” malware delivery platform were poisoning websites with malicious content and manipulating search engine optimization (SEO) to ensure that these hacked websites appeared among the top search results.

Recently, Sophos researchers have now published an update to the Gootloader research that reveals the following: 

  • The operators behind Gootloader ensure that a web search will find and accept the compromised sites as one of the most suitable targets.
  • This is no rudimentary process, as the search results that deliver Gootloader pages are often the top result for the specific query that leads victims to them.
  • The malicious code that runs on the compromised websites
  • The “mothership” server that controls the infection process and provides the content that is delivered by the compromised sites
  • The most frequently poisoned search terms that reveal Gootloader is targeting corporate internet users rather than consumers

Gabor Szappanos, threat research director at Sophos, said: “Gootloader uses SEO optimization and social engineering, a combination that is not commonly seen in malware delivery. The usually recommended safety instructions to overcome common threats are not sufficient here. Organizations need to understand how this type of attack works, as outlined in the Sophos research, to be able to recognize it and be ready and able to defend against it.”

Sophos recommends that individual internet users also look out for the following warning signs:

  • Search results that point to websites for businesses that have no logical connection to the advice they appear to offer
  • Advice that precisely matches the search terms used in the initial question
  • A ‘message board’-style page that features text and a download link that also precisely matches the search terms used in the initial Google search

Sophos Intercept X protects users by detecting the actions and behaviors of malware like Gootloader, such as the delivery of Cobalt Strike or the use of its process hollowing techniques to inject malware onto a running system.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

APPS

Today, the App Store stands at the forefront of app distribution, setting the standard for security, reliability, and user experience.

HEADLINES

Kaspersky has detected and blocked over 13 million web threats from its security solutions for businesses in Southeast Asia (SEA). Historical data from the...

HEADLINES

Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.

HEADLINES

“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...

HEADLINES

For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...

HEADLINES

“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...

Advertisement