A group of cybercriminals has exploited Google Data Studio, now known as Google’s Looker Studio, to boost their rankings on the search engine. The threat actors have employed an SEO poisoning attack to endorse their illegal websites that offer pirated content, torrents, and spam.
Based on reports, the search engine optimisation (SEO) poisoning attack utilised Google’s data studio subdomain to increase the credibility of the illicit domains.
A concerned reader prompted a group of researchers to investigate the issue after several pages of Google search results were bombarded with datastudio[.]google[.]com links. The links have taken the form of mini websites that store links to pirated content instead of representing an authentic Google Data Studio web page.
The researchers have proven that the malicious page was a spam-filled website after they accessed a torrent download of Terrifier 2 from bit[.]ly links, which redirected them to other websites with numerous spams.
In addition, the threat actors used the SEO poisoning attack through the keyword stuffing method to boost the rankings of their malicious websites. Accessing one of the “bit[.]ly” URLs will further redirect a user to several spam websites that promote streaming sites, online surveys, and spam.
Google’s Looker Studio is formerly known as the Google Data Studio.
The company introduced Google’s Looker Studio in 2016. This tool is a web-based business intelligence kit that allows its users to transform data into a customisable informative report and dashboard for more straightforward analysis and visualisation.
The Data Studio can be utilised by anyone to track and visualise the download counts of open-source packages for a limited time. However, it is similar to every other web server prone to being exploited by malicious entities that look to host malicious content or abuse the SEO poisoning mechanics to boost illicit domains.
Currently, the most used keywords for targeting US-based users are related to the midterm elections. Moreover, some threat actors are spreading malware-embedded Zoom, Visual Studio, and TeamViewer installers.
Google is yet to publish or announce their actions in addressing the current issue with its kit.
