Google warns users to 'never' search certain six-word phrase

Birmingham Live

The exact six words you should never search on Google to avoid being hacked have been revealed. According to cybersecurity firm Sophos, criminals are "poisoning" obscure Google searches to exploit a vulnerability in web browsers.

Typing the words “Are Bengal cats legal in Australia” into Google could be disastrous, researchers say. Hackers have created fake websites that occupy the top results for that search phrase and, when clicked, download malicious software onto the searcher’s device.

“When you do a Google search and it says ‘there aren’t very many good answers for this’, that’s an opportunity [for hackers],” Sean Gallagher, a cybersecurity researcher at Sophos, told The Times. “They can say, ‘OK, I’m going to build a website that appears to answer this question, and I’m going to use it for malicious purposes’.”

A Google spokesperson said: “The example in this report is an extremely uncommon query, and the website referenced doesn’t rank highly in search. Our advanced spam-fighting systems aggressively target hacked spam, which can appear when there are vulnerabilities in a site’s security.

“We notify sites if our systems detect that they may have been hacked, and provide tips so that site owners can better ensure the security of their sites.” This type of hack is called “SEO [search engine optimisation] poisoning” and first emerged in 2020, according to a recent blog post by Sophos.

Victims are often enticed into clicking on malicious adware or links disguised as legitimate marketing, or, in this case, a legitimate-looking Google search result that directs the user to a compromised website hosting a malicious payload masquerading as the desired file.

If the malware remains undetected on the victim’s machine, it makes way for a second-stage payload known as GootKit, which is a highly evasive info stealer and remote access Trojan (RAT) used to establish a persistent foothold in the victim’s network environment. GootKit can be used to deploy ransomware or other tools, including Cobalt Strike, for follow-on exploitation.