Legitimate website owners risk losing their legitimacy now that hackers have found a way to prolong the infection on a compromised website: all the attackers need to do is verify themselves as the owner of that website through Google’s webmaster tool.
Hackers are abusing Google’s Search Console so that they can keep running their malicious activities on an infected website for an extended period without being noticed. One of Google Search Console’s functions is to let webmasters receive notifications from Google about malware or spam content.
Webmasters then need to clean their website, or they lose their ranking in Google search results until the site is cleansed. Google Search Console allows multiple individuals to claim ownership of a website. This is usually the case, since a website is run by multiple account owners. Using the webmaster tool, these owners can view data on their site’s performance and other metrics. It serves as an analytics tool.
One way to validate oneself as a website owner is to upload an HTML file containing a unique user code to the site’s root folder. But this method has flaws that allow hackers to upload malicious code to the root folder of the site, and the attackers can then establish themselves as legit owners by creating rogue folders.
This vulnerability in Google Search Console has increasingly become hackers' favorite way to confirm themselves as owners of a website. Some websites even have hundreds of owners listed in the console, but only a few are legit in reality.
Using these compromised websites and their prolonged authority, hackers are able to increase traffic to their spam campaign by creating fake pages that manipulate search engines to boost their search ranking. The attackers can also track the metrics and performance of their malicious campaign by verifying themselves as the legit site owners.
Furthermore, attackers can index their spam web pages in Google’s search results and even displace the real, legit owners in Google Search Console, removing them from the owners list by deleting their HTML files from the site’s server. This is likely to pose more of a threat to users than to the site owners: if Google later sends security alerts to the presumed site owner, it is the attackers who receive the message and not the real owners, so the alert is dismissed.
It could take an indefinite period for the owners to detect that they are no longer verified on their own website. But the most difficult part then will be removing the rogue owners from the site list.
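A site owner can shorten that detection window by auditing the web root for verification files. The following is an added example, not code from the article or from Google: it assumes the verification files are named `google<hex>.html` and contain `google-site-verification: <file name>`, and the function names and token values are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: file is google<hex>.html, body is the prefix below + its own name.
TOKEN_NAME = re.compile(r"^google[0-9a-f]+\.html$")
TOKEN_BODY = "google-site-verification: "


def find_tokens(web_root):
    """Return the relative path of every verification file under web_root."""
    root, found = Path(web_root), set()
    for path in root.rglob("google*.html"):  # subfolders too: rogue folders
        if not path.is_file() or not TOKEN_NAME.match(path.name):
            continue
        body = path.read_text(errors="replace").strip()
        if body == TOKEN_BODY + path.name:
            found.add(path.relative_to(root).as_posix())
    return found


def audit(web_root, known_owner_tokens):
    """Diff the tokens on disk against the ones the real owners uploaded."""
    found, known = find_tokens(web_root), set(known_owner_tokens)
    return {
        "rogue": sorted(found - known),    # an unknown party claimed the site
        "missing": sorted(known - found),  # a real owner's file was deleted
    }


def sample_audit():
    """Run the audit on a constructed web root (all tokens are made up)."""
    known = ["google1111aaaa2222bbbb.html", "google3333cccc4444dddd.html"]
    on_disk = [
        "google1111aaaa2222bbbb.html",        # real owner, still present
        "google9999eeee0000ffff.html",        # planted in the root
        "promo/google5555abcd6666ef01.html",  # planted in a rogue folder
        "google-analytics-help.html",         # ordinary page, must be ignored
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in on_disk:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(TOKEN_BODY + path.name + "\n")
        return audit(tmp, known)


if __name__ == "__main__":
    print(sample_audit())
```

Run on a schedule against the real web root, a non-empty `rogue` or `missing` list is the cue to review the owners list in Search Console.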