Threat actors are abusing Google’s Looker Studio (previously Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content.
The SEO poisoning attack analyzed by BleepingComputer uses Google’s datastudio.google.com subdomain to lend credibility to malicious domains.
Abusing Data Studio to boost warez sites’ rankings
BleepingComputer has come across several pages of Google search results flooded with datastudio.google.com links after a concerned reader reported seeing the erratic behavior to us.
These links, rather than representing a legitimate Google Data Studio project, are minisites that host links to pirated content.
For example, one such search result we clicked on directs users wanting to “Download Terrifier 2 (2022)” to bit.ly links that further redirect several times to ultimately land on a spammy website.
As evident from the screenshot below, the SEO poisoning campaign uses the keyword stuffing technique, which is generally considered a form of webspam, to boost rankings of these illicit domains:
Clicking on one of these Bit.ly URLs further redirects the user several times before they arrive on a website promoting online surveys, streaming sites of dubious legality and authenticity, and spam:
Introduced in 2016 by Google, Looker Studio (previously Google Data Studio) is a web-based business intelligence tool that enables users to transform data into customizable informative reports and dashboards for easy visualization and analysis.
Data Studio can be, and has been, used to, for example, monitor and visualize the download counts of open source packages for a given period.
While the legitimate business use cases of Looker Studio are plenty, much like any other web service, it is not immune from being abused by threat actors looking to host questionable content or manipulate SEO for their illicit domains.
SEO poisoning campaigns observed in the past have targeted U.S. midterm election keywords, and more recently been seen pushing malware-laced Zoom, TeamViewer, and Visual Studio installers.
BleepingComputer has reached out to Google in advance of publishing to understand how Google plans on tackling the issue and we’re awaiting their response.