Cybercriminals are hacking Google Looker Studio to place their malicious websites high on the search engine’s results pages, promoting spam, pirated content, and torrents.
The campaign uses a technique known as SEO poisoning. This legitimate method uses website copy and fills it with links leading to these malicious sites. In the eyes of Google’s search engine algorithm, the links give the spam sites enough credibility for the tool to rank them high for specific keywords.
This specific attack uses Google’s datastudio.google.com subdomain.
Fake blockbuster movie downloads
BleepingComputer says it found multiple pages of Google search results “flooded with datastudio.google.com links”, after being tipped off by a concerned reader. The links don’t lead to an actual Google Data Studio project, but rather to websites hosting pirated content, such as current blockbuster movies (Black Adam, Black Panther: Wakanda Forever, and similar).
Before actually landing on these pages, the victims will first be redirected a couple of times, as well.
SEO poisoning is a known method, often used by threat actors to improve their chances of malware landing onto more endpoints (opens in new tab).
Most of the time, SEO poisoning is used to push torrent sites high on Google’s results pages for queries such as commercial software, the latest movies, or computer games. Consumers looking to save a few dollars on software and games sometimes go on shady sites promising cracks and activators which would enable them to use the products without paying for the license.
Most of the time, the activators and cracks don’t really work as advertised, and all they do is distribute viruses, or malware. These malicious programs are capable of wreaking all kinds of havoc, from installing cryptocurrency miners, to stealing sensitive data, to spreading ransomware and rendering devices completely useless.
Via: BleepingComputer (opens in new tab)