Cybercriminals hack Google Looker Studio to rank their malicious websites high on search engine results pages and promote spam, illegal content, and torrents.
The campaign uses a technique known as SEO poisoning. This method uses legitimate website copies and populates them with links leading to these malicious sites. In the eyes of Google’s search engine algorithm, the links give the spam sites enough credibility for the tool to rank them highly for specific keywords.
This particular attack uses Google’s datastudio.google.com subdomain.
Fake blockbuster movie downloads
Beeping computer says it found several pages of Google’s search results “flooded with links to datastudio.google.com,” after being tipped off by a concerned reader. The links do not lead to an actual Google Data Studio project, but to websites that host illegal content, such as current blockbuster movies (Black Adam, Black Panther: Wakanda Forever, and the like).
Before the victims actually end up on these pages, they are also redirected a few times.
SEO poisoning is a well-known method, often used by threat actors to increase their chances of landing malware on more endpoints (opens in new tab).
Typically, SEO poisoning is used to push torrent sites high on Google’s results pages for searches such as commercial software, the latest movies or computer games. Consumers looking to save a few bucks on software and games sometimes turn to shady sites that promise cracks and activators that allow them to use the products without paying for the license.
Usually, activators and cracks do not actually work as advertised and merely proliferate viruses or malware. These malicious programs can do all sorts of damage, from installing cryptocurrency miners to stealing sensitive data, deploying ransomware and making the devices completely useless.
Via: Bleeping Computer (opens in new tab)