Exact six-words you should never search on Google to avoid being hacked
THERE is a six-word Google search term that has been hijacked by cybercriminals to hack into your devices.
It seems like a fairly innocent search term.
But according to cybersecurity firm Sophos, criminals are "poisoning" obscure Google searches to exploit a vulnerability in web browsers.
Typing the words "Are Bengal cats legal in Australia" into Google could be disastrous, researchers say.
Hackers have created a slew of fake websites that occupy the top results under that search phrase.
If clicked on, these websites would download malicious software onto the searcher's computer or smartphone.
READ MORE ON SCAMS
The malware aims to steal personal data, such as names, email addresses and phone numbers.
Perhaps more concerning is that the malware is also attempting to obtain your financial details and login credentials.
This could lead to a devastating raid on your bank account, and the loss of important accounts.
Once a device is infected, it can also be used to spread the malware onto other computers and smartphones, researchers added.
While the search term may be niche - and unlikely to be typed in by anyone without a Bengal cat or an interest in going to Australia - hackers appear to have found this a more effective hack.
Search terms used by only a few thousand people have less competition when it comes to getting malicious websites at the top of the results page.
"When you do a Google search and it says ‘there aren’t very many good answers for this’, that’s an opportunity [for hackers]," Sean Gallagher, a cybersecurity researcher at Sophos,
"They can say, ‘OK, I’m going to build a website that appears to answer this question, and I’m going to use it for malicious purposes’.”
A Google spokesperson said: “The example in this report is an extremely uncommon query, and the website referenced doesn’t rank highly in search.
"Our advanced spam-fighting systems aggressively target hacked spam, which can appear when there are vulnerabilities in a site’s security.
"We notify sites if our systems detect that they may have been hacked, and provide tips so that site owners can better ensure the security of their sites.”
'Several massive campaigns'
This type of hack is called "SEO [search engine optimisation] poisoning", and first emerged in 2020, according to a recent blogpost by Sophos.
But it has become much more common, according to Gallagher, with "several massive campaigns" surfacing over the past year.
Last year, the term Blender 3D - a popular graphics software programme - was "poisoned" in web searches.
Instead of results for the graphics software, searchers found malicious websites in the paid-for advert section of the results page.
READ MORE SUN STORIES
The dangerous sites even appeared above the genuine site of blender.org, and lured web surfers into downloading malicious software onto their PCs.
Hackers have tried similar techniques with Photoshop, as well as financial trading tools and programmes, according to The Times report.