Shady SEO Campaign Spews Malware via a Google Search

A team of security researchers has uncovered a malicious SEO campaign that targets unsuspecting users through compromised URLs and script injections.

A malware-laced SEO campaign has infected popular keyword searches on Google such as Java JRE, Windows 8 and MSN, affecting hundreds of thousands of searches that routinely occur every month. The discovery was made by the security team at Heimdal, who uncovered the campaign containing “compromised web pages and dozens of script injections.”

The blog post detailing the observation can be found here.

An unsuspecting user simply has to search for a targeted keyword and visit the faux web page while looking for information. The malicious payload is then delivered via a fake Java JRE package that is ridden with malware.

Compromised URLs populating a Google search.


Not-quite Java JRE when it’s malware.

The same actors behind the malware are also luring victims to web pages containing pornographic content that are likewise infected with malware, namely the Angler exploit kit, which downloads malicious code onto the targeted computer. A recent operation by Cisco’s security team resulted in the dismantling of a $30 million a year ransomware campaign that also used the Angler exploit kit.

The security firm has notified Google of the malware-ridden links in its search results.

Featured image from Shutterstock. Images from Heimdal Security.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.