Website hackers hijack Google webmaster tools to prolong infections

The Google Search Console which was formerly known as the Google Webmaster Tools, is a very useful service for administrators to understand how their websites perform in search results.

In addition to providing analytics about search queries and traffic, it also allows webmasters to submit new content for crawling and to receive alerts when Google detects malware or spam issues on their websites.

That last part is very important, because website infections can quickly lead to lost traffic and reputation. Users who click on links in search results that lead to websites hosting malware or spam will receive scary warnings until those websites are cleaned by their owners.

Google allows more than one person to claim ownership over a website in his or her  own Search Console accounts. That's not unusual because running a website usually involves multiple people. The owner, the site administrator and the search optimization specialist can, and often are, separate individuals and they can all benefit from the Search Console data in their respective roles.

Getting verified as a website owner in the context of the Google Search Console can be done in different ways, but the easiest is to upload an HTML file with a code that's unique for every user into the website's root folder.

However, many of the vulnerabilities that allow attackers to inject malicious code into websites also give them the ability to create rogue files on the underlying Web servers. Therefore, they can use such flaws to verify themselves as new website owners in the Google Search Console by creating the needed HTML files.

Such abuses are actually increasingly common, according to researchers from Web security firm Sucuri, who have seen many webmasters complaining on technical support forums about rogue owners showing up in their Google Search Console.

According to the Sucuri researchers, by becoming verified owners for compromised websites, attackers can track how well their BHSEO campaigns perform in Google Search. They can also submit new spam pages to be indexed faster instead of waiting for them to be discovered naturally by Google's search robots, they can receive alerts if Google flags the websites as compromised, and, most importantly, they can remove legitimate owners of the site from the Search Console.

whenever legitimate website owners receive "new owner" notifications from Google, webmasters should thoroughly investigate them.

"In most cases it means that they had full access to your site, so you should close all the security holes and remove any malicious content that the hackers might have already created on your site," Sinegubko said.

Source