A new and highly sophisticated variant of the Panda Zeus malware is capable of exploiting Google’s standard search results to trick unwary consumers into providing their banking credentials over the web, as highlighted in a blog post published earlier this week by Talos, which is owned by Cisco Systems.
Metaphorically speaking, the malware “poisons” Google’s search engine results using Search Engine Optimization (SEO), so that “fake bank-related results” are shuffled to the top of the first page, according to a FOX News report. Users searching for bank-related information, such as branch locations and hours or how to open a new account online, are being tricked into clicking a fake, malicious link that looks harmless but ultimately infects their system with the malware.
Talos’ cybersecurity experts noted that the actors in this case took advantage of Google’s built-in SEO tools to increase how often their malicious links appear in standard search results.
Cybersecurity firm Bleeping Computer added that the malware’s ultimate goal is to trick unwitting users into clicking malicious links, which direct and redirect them until they reach a website “offering a Microsoft Word document for download,” Talos said.
“Ironically we have observed the same redirection system and associated infrastructure used to direct victims to tech support and fake [anti-virus] scams,” Talos said, while experts at Bleeping Computer added that “This group has taken a novel approach, never before seen in the distribution of banking Trojans.”
How to Protect Yourself
Fortunately, the present malware appears to affect Windows PC users specifically, and Talos’s experts were quick to point out that it’s only a major threat to consumers in India, Saudi Arabia, Sweden and Australia right now. As with other forms of malware, however, it’s probable (but not guaranteed) that this too will spread to other parts of the world eventually.
Therefore, the number one step to protecting yourself is to be extremely cautious, alert, and discerning when you’re looking for and clicking on links generated through a Google search — and especially so if your search involves bank-related information.
“Defending against this attack requires not only vigilance by companies to make sure the sites and servers are compromised, but that consumers pay attention to what they are clicking on and not enabling macros or opening unknown attachments.”
Meanwhile, experts at cybersecurity firm Avast said in a statement submitted to FOX News that they’re currently “blocking most of these sites, [which] prevents users from being infected” in the first place.