Hackers are now improving a site’s SEO as part of their attack

Trojan Horse Malware

Well, here’s something interesting. Hackers are getting more sophisticated every year, and in 2021 they’re doing something you’d never expect: helping their victims rank better in search engines.

While it might sound a bit weird, there’s a method to the madness:

According to Sophos, the so-called search engine “deoptimization” method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google’s rankings. 

(Source ZDNet)

It might sound like a good thing to rank better in Google… but the hackers are actually getting the sites to rank for things completely unrelated to what they actually do. Then, by putting fake pages that look like forum posts on the hacked site, they try to trick web users into giving away information like banking details.

Oh, and doing this kind of SEO magic is no small task; apparently it takes around 400 computers to make it happen 🤯

To accomplish this phase of the attack, the operators of Gootloader must maintain a network of servers hosting hacked, legitimate websites (we estimate roughly 400 such servers are in operation at any given time). The example shown above belongs to a legitimate business, a neonatal medical practice based in Canada. None of the site’s legitimate content has anything to do with real estate transactions – its doctors deliver babies – and yet it is the first result to appear in a query about a very narrowly defined type of real estate agreement. Google itself indicates the result is not an ad, and they have known about the site for nearly seven years. To the end user, the entire thing looks on the up-and-up.

(Source – Sophos)

My guess is the end result is bad news for the website owner, as I could see Google delisting compromised domains, making it tough for them to rank for anything in the future.

There’s no doubt that hackers are getting more and more clever, but jeez, using 400 computers in an attack, that’s something else.


  • jeff schneider March 4, 2021, 2:32 pm

    Hello Morgan,

    You haven’t even seen the tip of the iceberg. Those legions of (SEM-CENTRIC) Hackers = The source of the problem are doing a Hit job on Google Subscribers. JAS 3/4/2021
    Gratefully, Jeff Schneider (CONTACT GROUP) We don’t Follow, We Create
