SEO Poisoning: Unmasking the Malware Networks Behind Fake E-Commerce
In a joint study with Japanese authorities and universities, Trend Micro has exposed a web of SEO malware families orchestrating fake e-commerce scams targeting Japanese users. The study highlights a troubling increase in these attacks, with nearly 50,000 fake e-commerce sites reported in 2023 alone. By employing SEO poisoning, these cybercriminals manipulate search engine results, redirecting users to fraudulent online stores designed to steal personal information and defraud consumers.
The malicious tactic, known as the “Japanese keyword hack,” involves hackers injecting SEO malware into compromised websites to alter search engine results. As Trend Micro explains, “SEO malware are installed into compromised websites to intercept web server requests and return malicious contents.” This approach tricks search engines into ranking fake product pages, leading users who search for these products to click on malicious links. Once a user is redirected to these sites, they are exposed to potential fraud or data theft.
Maltego graph within the dataset of the groups (red circles) and subgroups (blue circles). Legends are overlaid for clarity | Image: Trend Micro
Through analyzing over 227,000 fake e-commerce sites and command-and-control (C&C) servers from six distinct SEO malware families, Trend Micro identified three main groups, each employing unique malware families, while one group used multiple malware types. By mapping these connections, researchers revealed that “malware A, C, D, E, and F managed independent lists of fake shopping sites,” while “malware B appeared to share a list of a few large fake shopping sites across C&C servers.” This setup enables the malware operators to create an extensive and flexible infrastructure to deceive users across a range of product categories.
Fake e-commerce sites lure users with steep discounts and impersonate well-known brands. Trend Micro advises shoppers to stay vigilant, recommending they look for warning signs, such as suspicious URLs, unusually cheap prices, and a diverse range of products on lesser-known sites. These red flags can help consumers avoid becoming victims of online scams when shopping for the first time on an unfamiliar website.
