Cyber criminals hijack Google Looker Studio in order to put their malicious websites at the top of search engine result pages, promoting spam, pirated content and torrenting.
The campaign uses a technique known as SEO poisoning. This method uses a legitimate copy of the website and fills it with links leading to these malicious sites. In the eyes of Google's search engine algorithm, links give spam sites enough credibility for the tool to rank them high for specific keywords.
This specific attack uses Google's datastudio.google.com subdomain.
Fake hit movie downloads
BleepingComputer says it found several Google search results pages "flooded with links to datastudio.google.com" after being warned by a concerned reader. The links do not lead to an actual Google Data Studio project, but to websites hosting pirated content, such as current blockbuster movies (Black Adam, Black Panther: Wakanda Forever, etc.).
Before actually landing on these pages, the victims will also be redirected several times.
SEO poisoning is a known method that threat actors often use to improve their chances of landing malware on more endpoints (opens in a new tab).
Most of the time, SEO poisoning is used to push torrent sites to the top of Google results pages for queries like commercial software, latest movies, or computer games. Consumers looking to save a few bucks on software and games sometimes turn to shady sites that promise cracks and activators that would allow them to use the products without paying a license fee.
Most of the time, activators and cracks don't really work as advertised, and all they do is distribute viruses or malware. These malicious programs are capable of causing all sorts of havoc, from installing cryptocurrency miners, stealing sensitive data, deploying ransomware, and rendering devices completely useless.
Via: BleepingComputer (Opens in a new tab)