
Five-year-old malware games search engines to infect users’ devices

Under the new method, the hackers behind Gootloader maintain a network of roughly 400 servers and websites, which game the search engine algorithm to appear on top of certain searches
  • These websites appear on top of specific and very narrow searches, leading people to the websites

    A five-plus-year-old malware is putting user data at risk by gaming Google and other search engines. According to security firm Sophos, the trojan’s functionality is usually set around banking credential theft, but “much effort” has gone into the improvement of how it’s delivered to users in recent years. “In the past, Sophos and other security experts have bundled the discussion of the malware itself with analysis of the delivery mechanism, but as this method has been adopted to deliver a wider range of malicious code, we assert that this mechanism deserves scrutiny (and its own name), distinct from its payload, which is why we’ve decided to call it Gootloader,” the firm said, talking about the new method.

    Under the new method, the hackers behind Gootloader maintain a “network” of roughly 400 servers and websites, which game the search engine algorithm to appear on top of certain searches. Sophos noted that these websites appear on top of specific and very narrow searches, leading people to the websites, which look completely legitimate.

    Surprisingly, the websites seem to appear on top of searches even when they don’t actually relate to them. Sophos cited one example where a neonatal medical practice based in Canada was showing up on top of a search related to real estate. “Google itself indicates the result is not an ad, and they have known about the site for nearly seven years. To the end user, the entire thing looks on the up-and-up,” the security firm said in its blog post.

    Visitors to these websites receive a “direct download link”, which puts a .zip file with the same file name as the original search on their computers. This file contains a compressed file with a .js extension that is the initial infector. “Everything that happens after the target double-clicks this script runs entirely in memory, out of the reach of traditional endpoint protection tools,” the firm said.

    The firm didn’t indicate what data the malware is stealing, or exactly how it affects the user. However, it said search engines could monitor this since the malware “games” their algorithms in order to appear on search results in the first place. It also advised users to enable file extensions on their Windows PCs in order to spot files with a .js extension and be wary of them.
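
As an added illustration of the delivery chain and the advice above (not code from Sophos or from this article), the following Python check lists the .js members of a downloaded zip and the name Windows Explorer would display for each while file extensions are hidden. The sample archives and file names are constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath


def inspect_download(archive):
    """Summarise the .js members of a zip given as a path or file-like object."""
    try:
        with zipfile.ZipFile(archive) as zf:
            files = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "scripts": []}

    scripts = []
    for name in files:
        path = PurePosixPath(name)  # zip member names use forward slashes
        if path.suffix.lower() == ".js":
            # With extensions hidden, Explorer shows only the stem, so
            # "notes.PDF.JS" would be displayed as "notes.PDF".
            scripts.append({"name": name, "shown_as": path.stem})

    if not scripts:
        verdict = "no-script"
    elif len(scripts) == len(files):
        verdict = "script-only"      # the pattern described: a zip holding only a .js
    else:
        verdict = "contains-script"  # a .js mixed in with other files
    return {"verdict": verdict, "scripts": scripts}


def make_zip(members):
    """Build an in-memory zip from {name: content}; constructed test input only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    samples = {
        "script only": make_zip({"lease_agreement_template.js": "// constructed"}),
        "mixed": make_zip({"photo.png": b"\x89PNG", "notes.PDF.JS": "// constructed"}),
        "documents": make_zip({"report.txt": "constructed"}),
        "not a zip": io.BytesIO(b"plain text"),
    }
    for label, sample in samples.items():
        print(label, "->", inspect_download(sample))
```
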


    ABOUT THE AUTHOR
    Prasid Banerjee
    An engineering dropout, Prasid Banerjee has reported on technology in India for various publications. He reports on technology through text and audio, focusing on its core aspects, like consumer impact, policy and the future.
    Published: 02 Mar 2021, 06:27 PM IST