100,000 Google Sites Used to Install SolarMarker RAT
Hackers are currently using search engine optimization (SEO) tactics to redirect users searching for common business forms, such as invoices, receipts, or other templates, to hacker-controlled domains. According to eSentire's Threat Response Unit, attackers are currently in possession of more than 100,000 malicious Google sites that seem legitimate but instead install a remote access trojan used to gain a foothold on a network. The attackers typically then infect systems with ransomware and credential-stealers to launch further attacks.
eSentire details how legions of unique, malicious web pages are impersonating popular businesses and using SEO tactics to appear in the first few pages of Google results for a search term, thereby attracting more victims. The pages include business-related keywords such as template, invoice, receipt, questionnaire, and resume, according to a report published by eSentire on Wednesday. This tactic is becoming increasingly common, according to the publication.