Hackers are using Google Search results to spread dangerous banking trojan


Hackers are infecting Google Search results with a dangerous new form of malware, security researchers have warned.

Researchers from Talos, the cyber security arm of Cisco, say that hackers are using traditional search engine optimisation (SEO) techniques to ensure that their compromised websites feature prominently for banking related terms in Google’s Search results.

Talos said that the hackers, whose identities remain unknown, were able to get the “poisoned” web pages onto the first page of Google Search.

They said the trojan is a variant of ‘Zeus Panda’ designed to steal online banking information and login details.

Some of the search terms the hackers poisoned included “nordea sweden bank account number”, “free online books for bank clerk exam”, “how to cancel a cheque commonwealth bank” and “sbi bank recurring deposit form”.

In a blog post, the researchers explained that the hackers were targeting customers of banks in Sweden, the Middle East, India and Australia, including Nordea Sweden, Axis Bank, Bank of Baroda, the State Bank of India, Saudi Arabia’s Al Rajhi Bank and the Commonwealth Bank of Australia.

The hackers start by compromising legitimate websites, then optimise them to rank highly in Google Search.

When a victim clicks on one of the compromised links, they are redirected to a web page controlled by the hackers, which instructs the victim to download a Microsoft Word document. Once the Word document has been downloaded, the trojan is installed on the device.


“It has become common for users to use Google to find information that they do not know. In a quick Google search you can find practically anything you need to know”, the researchers said.

“Links returned by a Google search, however, are not guaranteed to be safe. In this situation, the threat actors decided to take advantage of this behavior by using Search Engine Optimization (SEO) to make their malicious links more prevalent in the search results, enabling them to target users with the Zeus Panda banking Trojan”.

“By poisoning the search results for specific banking related keywords, the attackers were able to effectively target specific users in a novel fashion”.

Researchers said this is an example of how hackers are “constantly trying to find new ways to entice users to run malware that can be used to infect the victim’s computer with various payloads.”

“The threat landscape is constantly evolving and threat actors are continually looking for new attack vectors to target their victims.”

“Users, however, must also remain vigilant and think twice before clicking a link, opening an attachment or even blindly trusting the results of a Google search”.

