One cybersecurity company has identified a sophisticated hacking attempted in an area you might not expect, warning that typing a specific set of six words into Google's search engine leaves you vulnerable to an attack.
While security measures have increased dramatically over the last several decades, the unfortunate reality is that so have hackers, with new and sophisticated attacks being conjured up all of the time.
Most people are away of the basics when it comes to internet safety, although the rise of new technology is making it harder to spot malicious content for some, yet you'd be surprised at how easy it is to fall into a hacker's trap by doing something that would otherwise appear to be harmless.
There are new tools being developed that help stamp out the number one cause of data breaches and exposed credentials, but a recent frightening revelation from one cybersecurity firm unveiled how a simple Google search could leave you vulnerable to attacks.
Advert
As detailed in a blog post, cybersecurity experts over at Sophos have revealed how hackers are exploiting malware software through search engine optimization (SEO) to lead people into sites that steal their data.
It starts with what's known as GootLoader, which implants malware onto targeted devices through JavaScript, compromising otherwise legitimate sites (often hosted on WordPress) to implant malicious ZIP files that are instantly downloaded upon accessing the page.
Combined with this, the hackers target specific terms that people search frequently on places like Google or Bing, using a tactic known as 'SEO poisoning' to ensure that the malicious pages appear high up in the search results and therefore are clicked on at a higher frequency.
"Victims are often enticed into clicking on malicious adware or links disguised as legitimate marketing, or in this case a legitimate Google search directing the user to a compromised website hosting a malicious payload masquerading as the desired file," the blog post explains.
"If the malware remains undetected on the victim's machine, it makes way for a second-stage payload known as GootKit, which is a highly evasive info stealer and remote access Trojan (RAT) used to establish a persistent foothold in the victim's network environment."
The phrase in question that Sophos identified in its research was: 'Are Bengal Cats legal in Australia?' — something many prospective pet owners might be searching for and willing to download information to fully understand current regulation.
This otherwise innocuous search has been turned into a hostile attack, and while simply searching the six-word question into Google won't directly do any harm, you put yourself at risk as soon as you click on any of the resulting links as theoretically any of them could contain the aforementioned malware payload.