Hackers are using Google search results to spread fake apps filled with malware — don't fall for this
Signal, WhatsApp and Chrome are just some of the popular apps being impersonated in search engines
A new malware campaign is using SEO poisoning to lure victims into downloading fake, malicious versions of common apps. As reported by Cybernews, hackers are putting malware into fake apps that mimic popular legitimate ones like Signal, WhatsApp and Chrome in order to trick victims into downloading their malicious versions instead.
FortiGuard Labs researchers have identified this new attack which both tricks users and games the search algorithms by using SEO plugins and registered lookalike domains in order to get to the top of search results. Once a victim is on their fake website, they’re fooled into downloading a trojanized installer of one of many commonly searched for apps like Telegram, Deepl, Line or others.
The mimicked websites are able to deliver malware from several known families, but those that have been reported include Hiddengh0st and a new Winos variant. Malicious components have been bundled into the installer packages, which also appear to download the real applications. After launching, malicious DLLs are also dropped, along with hidden directories, administrator privileges and functions to help the malicious code evade detection.
From there, attackers can easily collect information about the device and the victim, log keystrokes and clipboard information, load plugins for surveillance and control as well as enumerate any antivirus and security tools, or capture screen activity. The plugins that the malware can deliver also suggest the possibility that the hackers behind the attack can intercept app communications from Telegram.
How to stay safe from fake sites in search results
According to FortiGuard Labs' report, this new campaign mainly targets Chinese-speaking users. Still though, SEO poisoning is a serious problem because it pushes fake sites to the top results of search rankings so that even careful internet users can be tricked if they’re not vigilant. Similar campaigns in the past have exploited top company names like PayPal, Apple, Bank of America, Netflix and Microsoft and led victims to fake sites where they were prompted to download malware. Cybercriminals have even purchased sponsored ads in order to pretend to be major brands.
To stay safe, be vigilant: hover your mouse over the top search results to make sure they don't contain any misspellings or odd characters. Look for any mismatches between what the result should be and what the URL leads to. Always be suspicious of any site that is promising free downloads or anything that sounds too good to be true. Likewise, if you already know a company's website, enter it manually in the web browser.
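The checks above (misspellings, odd characters, and a mismatch between the brand and where the URL leads) expressed in Python, as an added example that is not from the original article or the FortiGuard Labs report. The `OFFICIAL` allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist you maintain yourself; these official domains
# are not listed in the article.
OFFICIAL = {"signal.org", "whatsapp.com", "telegram.org", "deepl.com", "google.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str) -> list[str]:
    """Return reasons a search-result URL looks like a lookalike; [] if none."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    findings = []
    # "Odd characters": homoglyphs appear as non-ASCII or as xn-- punycode labels.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        findings.append("non-ascii-or-punycode")
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List instead.
    reg = ".".join(labels[-2:])
    if reg in OFFICIAL:
        return findings
    for good in OFFICIAL:
        brand = good.split(".")[0]
        if edit_distance(reg, good) <= 2:
            findings.append(f"near-miss:{good}")  # misspelling of the real domain
        elif brand in host:
            findings.append(f"brand-in-foreign-domain:{good}")  # brand/URL mismatch
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample URLs, not indicators from the report.
    samples = [
        "https://signal.org/download/",
        "https://te1egram.org/",
        "https://t\u0435legram.org/",  # Cyrillic "e" (U+0435) in place of Latin "e"
        "https://whatsapp.com.free-apps.example/setup",
    ]
    for u in samples:
        print(u, check_url(u))
```

An empty list means only that none of these three heuristics fired, not that the site is safe.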
And to ensure safe online practices, make sure you're protected by one of the best antivirus software solutions that's kept up-to-date; also know how to use all its extra features like a VPN or hardened browser.
SEO poisoning is nothing new, and if there's a chance to game the algorithm to reach the top spot in search engines, hackers are going to leverage this opportunity. That's why it's up to you to be extra careful online when downloading new apps or software. When in doubt, just head right to an official app store instead of trying to download new programs the old-fashioned way.

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.
