Tuesday, May 6, 2025

Hackers Poisoning Google Search Results to Spread Highly Sophisticated Banking Malware


Hackers are poisoning Google search results to spread a stealthy banking Trojan. By targeting financial-related keyword searches, they place trojanized malicious links at the top of the search results, where they carry a high level of trust, enabling them to target users with the Zeus Panda banking Trojan.

Nowadays cyber criminals stay one step ahead of traditional attack methods, such as email spam and other common communication media, when spreading advanced threats.

In this case, the attackers take advantage of the Google search algorithm, using Search Engine Optimization (SEO) to make their malicious links more prevalent in the search results, which enables them to target users with the Zeus Panda banking Trojan.


By poisoning search results for financial keywords, an attacker can achieve the maximum conversion rate for their infections. This lets the attacker gather useful information about the victims' various financial platforms, gain access, and obtain credentials, banking and credit card information, etc.


How Do Hackers Poison Google Search Results

Unlike traditional threat distribution methods such as email-based malspam, the attacker uses specific sets of search keywords that targets will query in search engines such as Google and Bing.

This is achieved through compromised web servers. Using those servers, the attackers ensure that their malicious results rank highly within search engines, which leads viewers to click the top search results.

For example, Cisco Talos analyzed the specific keyword “al rajhi bank working hours in ramada”, which returns a search result with legitimate reviews and top ratings. This was achieved by leveraging compromised business websites to poison Google search results.

The attackers mostly targeted heavily used financial keywords belonging to the banking and financial sectors.

In particular, the poisoned Google search results were specific to financial institutions in India and the Middle East, the regions to which the most-used financial keywords belong. Targeted keyword searches include:

    “nordea sweden bank account number”
    “al rajhi bank working hours during ramadan”
    “how many digits in karur vysya bank account number”
    “free online books for bank clerk exam”
    “how to cancel a cheque commonwealth bank”
    “salary slip format in excel with formula free download”
    “bank of baroda account balance check”
    “bank guarantee format mt760”
    “sbi bank recurring deposit form”
    “axis bank mobile banking download link”

When victims browse the compromised web servers from the search results, they initiate a multi-stage malware infection process. Victims were also redirected to fake AV scams that display images informing them that their systems are infected with Zeus and instructing them to contact the listed telephone number.

When victims access the malicious web pages, the compromised sites use JavaScript to redirect clients to JavaScript hosted on an intermediary site, which results in the client retrieving and executing that JavaScript. You can read the complete technical analysis of the malicious JS file that is downloaded by the victim.
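A defender can hunt for the redirect pattern described above (search result, then compromised site, then JavaScript from an intermediary site) in web proxy logs. The following is an added example, not code from the article or from Cisco Talos; the log layout, host names, allowlist and 10-second window are constructed assumptions.

```python
from urllib.parse import urlsplit

SEARCH_ENGINES = ("google.", "bing.")     # the engines named in the article
SCRIPT_ALLOWLIST = {"cdn.example.net"}    # assumption: script hosts you already trust

# Constructed proxy records: (epoch_seconds, client, url, referer, content_type)
SAMPLE_LOG = [
    (100, "10.0.0.5", "http://shop.example/reviews/bank-hours", "https://www.google.com/", "text/html"),
    (101, "10.0.0.5", "http://cdn.example.net/lib.js", "http://shop.example/reviews/bank-hours", "application/javascript"),
    (102, "10.0.0.5", "http://mid.example.org/r.js", "http://shop.example/reviews/bank-hours", "application/javascript"),
    (200, "10.0.0.9", "http://news.example/story", "https://www.bing.com/", "text/html"),
    (201, "10.0.0.9", "http://news.example/app.js", "http://news.example/story", "application/javascript"),
    (300, "10.0.0.7", "http://blog.example/post", "", "text/html"),
    (301, "10.0.0.7", "http://mid.example.org/r.js", "http://blog.example/post", "application/javascript"),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def is_search_engine(h):
    return any(h.startswith(e) or ("." + e) in h for e in SEARCH_ENGINES)

def find_redirect_chains(records, window=10):
    """Return sorted (client, landing_host, script_host) tuples for page loads that
    arrive from a search engine and then pull JavaScript from a different,
    non-allowlisted host within `window` seconds."""
    landings = {}   # client -> (timestamp, host) of the last search-referred page
    hits = set()
    for ts, client, url, referer, ctype in sorted(records):
        h, ref = host(url), host(referer)
        if is_search_engine(ref) and not is_search_engine(h):
            landings[client] = (ts, h)          # stage 1: click on a search result
            continue
        landed = landings.get(client)
        if not landed or ts - landed[0] > window:
            continue
        # stage 2: the landing page itself requests script from another host
        # (exact host comparison; subdomains of the landing site are not merged)
        if ("javascript" in ctype and ref == landed[1]
                and h != landed[1] and h not in SCRIPT_ALLOWLIST):
            hits.add((client, landed[1], h))
    return sorted(hits)

if __name__ == "__main__":
    for client, landing, script_host in find_redirect_chains(SAMPLE_LOG):
        print(f"{client}: {landing} loaded script from {script_host}")
```

Cross-site script loads are common on legitimate pages, so the output is a triage list to compare against the allowlist and site reputation, not a verdict.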

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
