Hackers are using Google Images to spread malware-laden fake antivirus software, it has been revealed.
The malware campaign has infected thousands of websites that are mined by Google for images. When unsuspecting users click on an infected image they are redirected to a website that lures them into installing fake antivirus software that opens back doors to their systems.
Bojan Zdrnja of the Internet Storm Center wrote in a blog post that Google Images is undoubtedly being used to spread malware, but that the company was quickly flagging the infected websites being used by hackers.
According to Zdrnja, hackers are targeting legitimate websites, usually hosted on WordPress, to inject their own PHP script, which is then used to generate content, including images, on topics which are currently trending on Google.
When Google crawls the websites for content, it also caches the images offered by the infected web pages. The exploit comes into effect when users click on the thumbnail on the Google Images search results page.
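For a site owner who wants to check whether their own WordPress install has been tampered with in the way described above, the following is an added example (not code from the article or from Zdrnja's post). It assumes the default WordPress directory layout, and its file-content patterns are heuristics for the two tell-tale signs a poisoned site tends to show: executable PHP dropped into the uploads tree, and code that behaves differently for visitors arriving from Google. The sample site it scans is constructed inside a temporary directory so the script runs offline.

```python
import os
import re
import tempfile

# Directories of a stock WordPress install that should hold no executable PHP.
# (Assumption: default layout; adjust the list for customised installs.)
NO_PHP_DIRS = ("wp-content/uploads", "wp-content/cache")

# Heuristic patterns for constructs injected SEO-poisoning scripts commonly rely on.
SUSPICIOUS = [
    ("eval-of-decoded-payload",
     re.compile(rb"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("referer-cloaking",
     re.compile(rb"\$_SERVER\s*\[\s*['\"]HTTP_REFERER['\"]\s*\].{0,200}?google", re.I | re.S)),
]


def _in_no_php_dir(rel_dir):
    return any(rel_dir == d or rel_dir.startswith(d + "/") for d in NO_PHP_DIRS)


def scan_wordpress(root):
    """Walk a WordPress tree and return sorted (relative_path, reason) findings."""
    findings = set()
    for dirpath, _, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        for name in filenames:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            rel_path = name if rel_dir == "." else f"{rel_dir}/{name}"
            # PHP under uploads/ or cache/ is suspicious regardless of its content.
            if _in_no_php_dir(rel_dir):
                findings.add((rel_path, "php-in-upload-dir"))
            with open(os.path.join(dirpath, name), "rb") as fh:
                data = fh.read()
            for label, pattern in SUSPICIOUS:
                if pattern.search(data):
                    findings.add((rel_path, label))
    return sorted(findings)


def build_sample_site(root):
    """Write a constructed WordPress tree: two clean files and two tampered ones."""
    files = {
        "wp-includes/version.php": b"<?php\n$wp_version = '3.1';\n",
        "wp-content/uploads/2011/05/photo.jpg": b"\xff\xd8\xff\xe0 not really a jpeg",
        # Dropped into the uploads tree, where no PHP belongs; the payload is a placeholder.
        "wp-content/uploads/2011/05/seo.php": b"<?php eval(base64_decode('PLACEHOLDER'));\n",
        # Theme file given a referer check so visitors arriving from Google see different output.
        "wp-content/themes/twentyten/footer.php":
            b"<?php if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false) { /* altered output */ }\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


def scan_sample_site():
    """Build the constructed site in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan_wordpress(tmp)


if __name__ == "__main__":
    for path, reason in scan_sample_site():
        print(f"{reason:25s} {path}")
```

Run against a real install by calling `scan_wordpress("/path/to/wordpress")`; the clean core file produces no finding, while the planted uploads script is reported twice (once for its location, once for its content) and the altered theme file once for the referer check. The patterns are deliberately narrow, so treat a clean result as one signal among several and pair it with a comparison of core files against a known-good copy.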
“Since there are so many poisoned images they could maybe modify the screen that displays the results so it does not include the iframe – that will help in first step only, since if the user lands on the malicious web page there is nothing Google can do really,” the researcher said.