



Malware that is more than five years old is endangering user data by gaming Google and other search engines. According to security firm Sophos, the Trojan's functionality is typically centered on theft of banking credentials, but in recent years much effort has gone into improving the way it is delivered to users. “In the past, Sophos and other security experts have analyzed the delivery mechanism of the malware itself, but this mechanism has been adopted to deliver a wider range of malicious code, so we assert that this mechanism, not the payload, deserves scrutiny (and its own name). This is why we decided to call it Gootloader,” he said, talking about the new method.

In the new method, the hackers behind Gootloader maintain a network of about 400 servers and websites. The network games search engine algorithms so that its sites are displayed at the top of particular searches. According to Sophos, people are led to these websites, which appear at the top of certain very narrow searches and look perfectly legitimate.

Surprisingly, a website can appear at the top of the search results even if it is not really relevant. Sophos cited one example of a Canada-based neonatal care website displayed at the top of a real estate-related search. “Google itself shows that the result is not an ad, and they have known about the site for almost seven years. To the end user, everything looks on the up-and-up.”

Visitors to these websites receive a direct download link. This places a .zip file on the visitor's computer with the same filename as the original search. The archive contains a file with the .js extension, which is the initial infector. “After the target double-clicks, this script runs entirely in memory, outside the scope of traditional endpoint protection tools,” the company said.

The company did not specify exactly what data the malware was stealing or how it would affect users. However, it said search engines can monitor this, because the attackers game the algorithm to appear in search results in the first place. It also advised users to enable the display of file extensions on their Windows PCs so that they can spot files with the .js extension, and to beware of them.
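The advice above can also be applied before an archive is ever opened. The following is an added example, not code from Sophos or from the original article: a triage check that flags downloaded .zip files whose members are scripts. The extension list, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types that Windows runs on double-click (assumed list for this example).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}


def script_members(zip_bytes):
    """Return names of archive members whose final extension is a script type."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Only the last suffix decides what runs: "lease.pdf.js" is a script.
            if PurePosixPath(info.filename).suffix.lower() in SCRIPT_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def triage(zip_bytes):
    """Classify an archive as 'script-only', 'contains-script' or 'clean'."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        file_count = sum(1 for info in archive.infolist() if not info.is_dir())
    flagged = script_members(zip_bytes)
    if flagged and len(flagged) == file_count:
        return "script-only"  # the pattern the article describes
    return "contains-script" if flagged else "clean"


def build_zip(members):
    """Build a constructed in-memory sample archive from {name: content}."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


if __name__ == "__main__":
    # Constructed samples; the names and contents are placeholders.
    lure = build_zip({"lease_agreement_template.pdf.js": "// placeholder"})
    benign = build_zip({"report.pdf": "x", "notes/readme.txt": "y"})
    print(triage(lure), script_members(lure))
    print(triage(benign), script_members(benign))
```

A "script-only" result matches the delivery pattern described above and is the case to quarantine for review; "contains-script" also covers legitimate archives such as web project downloads.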

