SEO Poisoning Campaign uses Keywords related to the 2018 U.S. Midterm Election

Hackers are using keywords pertaining to the 2018 U.S. midterm elections to promote scam websites that fools users into installing malicious software on their system. The elaborate SEO poisoning campaign has compromised more than 10,000 websites so far.

SEO Poisoning Campaign uses Keywords related to the 2018 U.S. Midterm El...
Exploiting the 2018 U.S. Midterm Elections for SEO Poisoning

“Bait and Click” is one of the most prevalent methods used by hackers to entice users to malicious websites. Novice internet users are the usual prey to this method – as they get lured by the addictive content on these pages and ultimately end up clicking one or several links that unleashes a deadly virus on their computer system. Over the years, hackers have upped their game with Search Engine Optimization (SEO) poisoning – one that befuddles the search engine of Google and Bing by ranking a malicious website higher up – which significantly increases the chances of such pages to be discovered and clicked.

According to a report by Zscaler, one such SEO poisoning campaign has now targeted users that search for news related to the 2018 U.S. midterm elections. The campaign uses keywords related to the elections to lure victims into multiple scam and adult sites. By clicking on these sites, unwanted or malicious software’s are then installed on their system.

For example, let’s say one searches for the term, “Texas” and “Senate Candidates” on Google. The top few links actually show the names and websites of Democratic and Republican candidates running from the state of Texas in the U.S. However, the lower ranking links on the first page itself can be that of a malicious website. As users begin to click on such pages, the content quickly changes to that of a scam website, one that most commonly features adult content. Young and novice users who are oblivious to the technique falls prey, as the content lures them into installing a malicious software on their system that compromises personal data and information.

“After about a month of looking at this “midterm elections” SEO poisoning campaign, we found more than 10,000 compromised websites with more than 15,000 keywords, and we continue to find hundreds of newly compromised sites involved in this activity every day,” said Zscaler researchers.

In SEO poisoning, cybercriminals use keywords that are trending at the moment. The 2018 U.S. midterm elections have been cited as one of the most important elections in modern U.S. history. While on one hand, Democrats wish to regain control of Congress to thwart Donald trump’s nationalist agenda, Republicans also aim to keep control of the government and push forward anti-immigration and conservative laws. As several people look up news pertaining to the elections, it’s a landmine for hackers to exploit and push forward malicious web pages.

Zscaler researchers have added that the compromised websites use two distinct methods of operation to redirect users. The first mode involves the user going through multiple redirects before landing on a malicious page. In the second mode, users are redirected to a Malware-as-a-service platform, which starts another redirection chain leading to the final landing page.

Irrespective of the mode used, users are prone to fall victim to the scam by clicking on the bait. A considerable number of U.S. internet users are extremely gullible – as demonstrated by their inability to segregate real news from fake ones. Russia used their gullibility during the 2016 U.S. presidential elections to promote propaganda that helped Donald Trump win in the first place. Now, hackers are clearly exploiting the precarious political scenario in the U.S for bait and click.