New Chrome, Safari, Firefox Warning—Do Not Google These Words

Updated on November 12 with more dangerous Google search warnings.

Two unrelated stories have caught the imagination in recent days, both presenting a stark warning as to the risks in what you type into your Google search bar. Safe browsing is becoming ever more critical, as seen with Google’s new AI-powered security update coming to Chrome. But some of the dangers will surprise you.

First let’s deal with a serious cyber threat caught by the security team at Sophos, which warned last week that “the internet is full of cats—and in this case, malware-delivering fake cat websites used for very targeted search engine optimization.”

It turns out that the latest trick to lure users into installing malware relies on niche search engine terms to push malicious links on those awaiting the results. This so-called SEO-poisoning needs fairly specialist terms, otherwise it would not be able to command headline top-of-the-page results. “In this case,” Sophos says, “we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: Are Bengal Cats legal in Australia?” Is that niche enough for you?

“Our investigation,” the team reports, “revealed the threat actor was using SEO poisoning through an easily accessed online forum found via a simple Google search, initiated by the user for ‘Do you need a license to own a Bengal cat in Australia’… Immediately after the user clicks the link, a suspicious .zip file was downloaded to C:\Users\\Downloads\Are_bengal_cats_legal_in_australia_33924.zip onto the victim’s machine, and the user’s browser was directed to the URL hxxps:[//]www[.]chanderbhushan[.]com/doc[.]php.”

Suffice to say, opening this compromised forum post would download a malicious ZIP-archive payload that would start the staged installation of dangerous malware. “Once used exclusively by the cybercriminals behind REVil ransomware and the Gootkit banking trojan,” GootLoader, Sophos warns, has now “evolved into an initial access as a service platform—with Gootkit providing information stealing capabilities as well as the capability to deploy post-exploitation tools and ransomware.”
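A defender-side triage check for the download pattern Sophos describes above (an added example, not code from Sophos or from the original article). It flags ZIP downloads whose name is an underscore-joined search phrase with a numeric suffix and looks inside the archive for script files; the script-extension list, the word-count threshold, the function names and the idea that a lure archive carries a script are assumptions of this example, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile

# Filename shape from the report: Are_bengal_cats_legal_in_australia_33924.zip
# i.e. three or more underscore-joined words, a numeric id, then .zip.
# The "three or more words" threshold is an assumption of this example.
QUERY_ZIP = re.compile(r"^(?:[A-Za-z]+_){3,}\d{3,}\.zip$")

# Script types Windows will run on double-click (assumed list for this example).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")


def looks_like_query_named_zip(filename):
    """True when the download name matches the search-phrase-plus-id shape."""
    return QUERY_ZIP.match(filename) is not None


def script_members(zip_bytes):
    """Names of script files inside the archive; empty if it is not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []


def triage(filename, zip_bytes):
    """Both signals: quarantine. One signal: review. Neither: allow."""
    name_hit = looks_like_query_named_zip(filename)
    scripts = script_members(zip_bytes)
    if name_hit and scripts:
        return "quarantine"
    if name_hit or scripts:
        return "review"
    return "allow"


def make_zip(member_names):
    """Build a constructed sample archive in memory (placeholder content only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    lure = make_zip(["are bengal cats legal in australia 80161.js"])  # constructed
    print(triage("Are_bengal_cats_legal_in_australia_33924.zip", lure))
    print(triage("holiday_photos.zip", make_zip(["beach.jpg"])))
```
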

Clearly if you have an interest in Bengal cats and you live in Australia, then you’ll need to be extra careful. I’m not sure if they’re legal in the country, and I don’t plan to Google to find out. I’ll leave you to do your own non-Google research. For everyone else, bear this attack in mind. If your search is particularly niche then you may be more susceptible to malicious links in search than more generic hunts.

As ESET’s cyber guru Jake Moore warns, “criminals are clever with how they operate and often people will put a huge dose of trust in search engines assuming results are vetted prior to being ranked. Unfortunately, malicious actors are becoming more creative meaning people need to be vigilant across all parts of the internet.”

The fundamentals don’t change though—be wary of links and installs. Usually this applies most to socially engineered attacks via social media, email or messaging platforms. This just adds search results into that heady mix.

The second “be careful what you Google” story is very different. Just a few days before the Sophos report was published, a story appeared in several media outlets, warning that “a woman has revealed the four words you should avoid Googling to ensure the police do not pay an unexpected visit to your house.”

As reported, a couple in Long Island “were browsing for everyday household items” when they inadvertently entered just the right combination to trigger a terrorism profiling flag, prompting law enforcement to pay them a visit. “So, if you don’t want police to show up at your door, don’t search the four words – ‘pressure cooker bomb’ along with the word ‘backpack’.”

The story was a little stretched given that this wasn’t a direct flag from an all-seeing computer system in DC analyzing Google searches, it was in fact the IT department at the husband’s employer who flagged the search and reported it to the local police. This was back in 2013, with the Boston Marathon fresh in people’s minds. “Following the couple’s unintentional internet search, several black SUVs pulled up at the couple’s house to ensure they were not a terrorist threat.”

While the story has captured the imagination, it’s not the searches that will catch you out but the content returned by those searches. Accessing websites and links flagged as dangerous is more likely to see your browsing behaviour traced back to you than a search itself. That said, if you fall foul of law enforcement then a review of the search history on your devices or linked to your accounts is almost certain.

As per The Hill, “the search history of Thomas Matthew Crooks, identified as the 20-year-old gunman who attempted to assassinate former President Trump at a rally outside Pittsburgh last weekend, includes photos of Trump and President Biden, among other things. Crooks, who was killed after opening fire at the campaign event, had searched dates of Trump’s appearances and the upcoming Democratic National Convention, FBI officials told members of Congress.”

Unless you’re exceptionally careful with clean devices and no account logins, especially not a Google account login, and you use a VPN or even connect from a location unconnected to you, internet activity has a habit of coming back to bite. And that’s before the inevitable new threats from AI search engines start to appear.

“As we move to a new time where searching the internet gains a helping hand from AI,” Moore says, “people need to be even more mindful of what they click on as it is likely to be abused. If links take people directly to a download, they need to be extra careful they do not install what has just appeared in their downloads folder.”

Those threats are gaining ground and driving further warnings. And they’re becoming more organized and industrialized. Turning back to the SEO poisoning threat, a new report from Trend Micro and its Japanese partners has just “revealed hidden connections among SEO malware operations.”

The concept of operations is the same as seen with the Bengal Cat operation: “threat actors using SEO poisoning tactics to redirect users to fake e-commerce sites.” What’s new is that the research has “identified three groups of threat actors each using a unique malware family, while one group used multiple malware families.” Those threat actors have also been seen to share their command and control infrastructure and reuse the malicious e-commerce websites, better leveraging their investments and spreading their operational costs.

Trend Micro warns that “the number of fake e-commerce sites that aim to defraud people or steal their personal information has been increasing,” citing a JC3 report which warns of 47,278 fake e-commerce sites, up materially from the 28,818 sites that had been reported a year earlier. The SEO poisoning is the lure to those fake websites, “making search engines display the threat actors’ lure pages as if these were placed on the compromised websites. The lure pages then redirect visitors from search engines to fake e-commerce sites to potentially victimize them.”

Trend Micro warns web users to “be very cautious when looking for products via search engines and when using a shopping site for the first time to avoid falling victim to fake shopping sites.”

Also this month, Malwarebytes has warned of a twist on this threat, with malicious Google Ads being used instead of raw SEO poisoning. “An ad appearing at the top of a Google search… that sponsored result looks entirely authentic, with an official logo and website. We already know that criminals are able to impersonate any brand of their liking by simply using a click tracker — or tracking template — in order to bypass detection.”

As the research team points out in their report, “we [had] noted a decrease in loaders distributed via malvertising for the past 3 months,” with this new warning “a reminder that threat actors can quickly switch back to tried and tested methods.”

The specific threat here is FakeBat, which they discovered being pushed at users “via a malicious Google ad for the productivity application Notion. FakeBat is a unique loader that has been used to drop follow-up payloads such as Lumma stealer.” The fake ads were immediately reported to Google.

Whether compromising usual SEO results or planting sponsored ads, the threat is the same and the warnings are the same for users—it’s clear that victims are falling for such scams in a cycle. “While malicious ads delivering malware payloads have been a little more rare for the past several weeks, today’s example shows that threat actors can and will make a comeback whenever the time is right.”

While SEO poisoning might hijack a well used forum to plant a malicious link, ads rely on brand impersonation, leveraging their trust to socially engineer an attack. “Brand impersonation via Google ads remains problematic, as anyone can leverage built-in features to appear legitimate and trick users into downloading malware.”

Trend Micro warns that these are the “tell-tale signs of fraudulent behavior:

  • Suspicious URLs that contain an uncommon domain name
  • Prices that are unusually cheap compared to the product’s usual market price
  • Products that are not typically seen on major shopping sites, but are being sold at a discount
  • Sites that handle a large and diverse range of products despite not being a major retail site
  • Sites that impersonate a major brand
  • Sites that claim to be a ‘specialty store’ but are selling completely unrelated items
  • The site’s information does not match the company’s information and location.”

okaygteam
