Hackers are using a search engine optimisation (SEO) technique that abuses human psychology and uses SEO tricks to get websites ranked on Google.
Webmasters use SEO techniques to increase a website's reach on search engines. Tampering with a website's SEO therefore increases the chance of it being picked up on Google, with content management systems abused to serve exploit tools, financial malware, and ransomware.
According to the cybersecurity team, the “Gootloader” technique is used to deploy infections of the Gootkit Remote Access Trojan (RAT), delivering a variety of malware. The technique is used across more than 400 servers that can be maintained at any time.
Researchers were not able to find any exploit behind the domain compromises, but they believe that the CMS used in the website backend is hijacked via stolen credentials, malware, or brute-force attacks.
Once the hackers have access, they can change a few lines of code in the body of the content and insert the target, including location and IP. The websites are subtly modified to answer specific queries, which makes it easy for them to rank on search engines.
This technique is used to deliver the Gootkit banking Trojan, Kronos, REvil ransomware, and Cobalt Strike, among other variants, in Germany, South Korea, the United States, and France.