A new hacking method used by exploiters and dark entities on the web abuses SEO, or search engine optimization, on a company's website before injecting deeply embedded malware to attack its systems. The malware has been identified as "Gootloader," and while it may seem that the group is optimizing the webpage, it is doing the opposite.
SEO is one of the best ways to rank a website higher in searches and gather an audience through Google's search engine and its features, particularly for news and recent events. It is one of the most effective ways to make a website or business known, and it can help boost statistics and guarantee visits to a site that features one's products.
However, instead of optimizing the website and its pages, hackers have found a way to "deoptimize" it and insert malware on well-constructed webpages to fully embed the virus inside the company's systems. The tactic not only opens the website to potential hacks and viruses but also causes a mix-up with Google, as it tries to trick the search engine.
SEO Hackers Insert New Malware
According to Sophos News, the fake SEO procedure carried out on the victim's website is called "deoptimization" and has become apparent in recent times. People have been more into SEO lately, especially as they try to rank higher in Google's search suggestions and initial results, which have evolved during this pandemic season.
In addition, the hackers who initially made the REvil ransomware, which attacked the systems and integrity of several companies, have debuted new malware called "Gootloader" that is specifically designed for SEO. The malware borrows "dirty tactics" from SEO practice and uses them as a front for malicious acts that embed it into the victim's systems.
Initially, people would be fooled into thinking that this is indeed an SEO practice, and it may look like an excellent optimization and upgrade to the website; in reality, it is not. Moreover, the deoptimization procedure hides other malware apart from Gootloader, and may add the threat actors' other trojans, including the "Kronos trojan" and "Cobalt Strike."
How Do Hackers Insert Malware in SEO?
According to ZDNet and Sophos, the threat actors access the CMS platforms of different companies, prey on websites with weak to average security, and force access through stolen accounts. After doing so, the hackers have almost full control of the website, and this is where they begin their operations to deliver the payload.
Moreover, the Gootloader and Gootkit operation is a massive one, and it uses 400 servers or more at a time to succeed and to maintain a hack in a system. The operators aim to change what the website displays and target specific visitors, whom they could victimize with fake SEO tactics that were used to get noticed by Google.
This article is owned by Tech Times
Written by Isaiah Alonzo