Why are AI-Powered Google Searches Promoting Malware?

What is the first thing you do when you have a question no one can answer confidently? Google it.

For years, Google has been the go-to search engine for countless users worldwide, handling billions of search queries every day. However, googling is most effective when queries are simple and specific – not open-ended. And Google users still need to navigate search results and parse information on their own.

That is, until Generative AI entered our lives.

In May of last year, Google released their Search Generative Experience, or SGE, a feature that leverages generative AI to augment, streamline, and personalize the traditional online search experience. Instead of having to break multi-layered questions down into smaller ones and organize output information manually, users can ask more complex questions and receive thorough, concise results alongside snapshots of relevant links and follow-up suggestions for further exploration.

Despite its potential, however, this search engine enhancement opens up new vectors for cybercriminals to exploit. As people and businesses increasingly rely on AI-powered search engines like Google’s SGE, hackers have found ways to manipulate these systems for their own gain, putting users and companies at risk.

Search Engine Exploitation

When it comes to layering security into search engine platforms, reputation can get in the way of reality. This means that content hosted on well-respected and highly trusted sites is often scrutinized less thoroughly by active web security solutions than those that receive less user traffic.

One way cybercriminals take advantage of this is by launching SEO poisoning campaigns. In these cases, threat actors create malware-infested sites and exploit search engine optimization techniques that prominently display these toxic links among top search results, increasing the chance that users will click on them.

Microsoft discovered such an exploitation in 2021 when hackers flooded search engine results with thousands of web pages infected with SolarMarker remote access trojan (RAT) malware, which offered various office template forms as bait for office workers. Hackers used AI-driven SEO functionalities to lift these contaminated web pages to the top of the search results list in order to trick unsuspecting users into downloading the SolarMarker payload, which would then steal credentials and establish hidden backdoors in users’ systems.

Google’s SGE feature is triggering the latest iterations of search engine vulnerabilities. Just last month, a new report found that the SGE’s algorithm was recommending malicious websites meant to trap users into phishing scams, among other nefarious activities.

Browser Insecurity

Alongside insufficient security, tools like SGE provide hackers with a sentiment they can exploit: User trust. Individuals and enterprises often underestimate web browsers as a point-of-entry for malicious attacks, and reputable web-based search engines have cultivated a significant amount of trust to the point where many users don’t think twice before opening search results they receive.

As a result, hackers are targeting web browsers –and within them, search engines—more consistently to access sensitive, personal, or corporate information in increasingly sophisticated ways, making it hard for end-users and threat detection platforms to keep up.  Basic browser security measures can be misled into deeming malicious websites as benign, enabling such sites to evade proactive detection and nestle into a security solution’s “safe list” before defenses can block the site. But by that time, users could have already fallen for a scam.

While it is incumbent upon search engines to secure their platforms and ensure safe and authentic results for their users, organizations and individuals alike still need to exercise caution. Though current security solutions are getting better at detecting malicious content, hackers are quick to adapt, often rendering “new” threat detection approaches ineffective quickly.

For instance, hackers have taken to employing self-altering polymorphic code to conceal their malware traps from the latest browser detection methods. This poses a formidable obstacle to traditional security protocols, as do next-generation phishing attacks that employ sophisticated social engineering techniques in order to deceive users into divulging sensitive information.

Modernize Security Measures

Generative search engines are a boon for today’s internet users, but they also open a can of worms that traditional web security solutions are not yet equipped to address. It is clear that even highly reputable search engine platforms like Google need a more dynamic solution. Fortunately, extension-based browser security solutions have risen to the occasion.

These solutions offer a dynamic approach to browser security, capable of inspecting nearly every aspect of website content displayed directly within the browser interface. Text, images, and scripts are among the many elements these solutions scrutinize.

Extension-based solutions also utilize machine learning and computer vision algorithms to analyze website code, network connections, and recognizable patterns associated with phishing attempts and malware traps. One of the key advantages of extension-based detection is the ability to observe malicious websites and downloads from the perspective of the user, waiting patiently until the malicious content is unveiled. With such robust capabilities, these solutions can detect and thwart even the most sophisticated and evasive tactics, including SEO poisoning, redirects, fake captchas engineered to trick users, and malvertising.

Through continuous monitoring and proactive identification of threat tactics and vulnerabilities, modern extension-based security solutions do what prior solutions do not: block malicious sites in real time. This safeguards users from falling victim to online scams and computer viruses, fostering a safer browsing and search environment for all.

Surf the Web Safely

For each new AI use case, new vulnerabilities remind us of the robust cybersecurity that is required in order to utilize this transformative technology safely.

Search engines are no exception.

Companies need to ensure that the generative AI-powered features they deploy cannot be used against the people they are meant to benefit. After all, search engines are among the most visited sites across the Internet, and traditional web security solutions meant to protect them still suffer from security gaps.

Though no security system is perfect, search engine operators who deploy advanced detection technologies and meticulous content scanning mechanisms at the point-of-click of browsers give users the best chance of surfing the web safely while avoiding AI-enhanced malware and social engineering campaigns.

The post Why are AI-Powered Google Searches Promoting Malware? appeared first on Unite.AI.

Unlock the power of our talent network. Partner with QAT Global for your staffing needs and experience the difference of having a dedicated team of experts supporting your enterprise’s growth.

Explore Articles from QAT Global