!! Google's new AI search results promotes sites pushing malware, scams
-
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams.
Earlier this month, Google began rolling out a new feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries for search queries, including recommendations for other sites to visit related to the query.
However, as SEO consultant Lily Ray first spotted, Google's SGE is recommending spammy and malicious sites within its conversational responses, making it easier for users to fall for scams.
BleepingComputer found that the listed sites promoted by SGE tend to use the .online TLD, the same HTML templates, and the same sites to perform redirects.This similarity indicates that they are all part of the same SEO poisoning campaign that allowed them to be part of the Google index.
When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site.
In BleepingComputer's tests, the redirects most commonly lead you to fake captchas or YouTube sites that try to trick the visitor into subscribing to browser notifications.
Full article https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/
-
Meh. I fail to see how it is any real difference to google already promoting malware and scams because they are paid results.
-
@Dr-Flay Kinda like the VLC pro 20XX scams that pretend to be VLC but with a blue traffic cone and adware included out of the box?
-
@JoeBecomeTheSun, since time I use SMplayer instead, but generally I use only OpenSource apps (like VLC) but in this case I look first where are the source (GitHub, GitLab, maybe Sourceforge) and downloading from there or from the homepage. This generally evite surprises. I also check the downloads before I use or install these.
I always be carefull since in my first experiences on the Internet, innocent and ignorant more than a quarter of a century ago, I learned to type at 200 keystrokes per minute, while a Virus completely crushed my system. An experience that I do not like to repeat and I have had my OS clean since then.
The Internet is a jungle and you shouldn't even trust your own shadow. Check everything before you use it. -
@Catweazle Remember that anything on the internet is untrusted code until proven otherwise. In my view browsers should have built in ad blockers and ad networks should be more discerning. If you are an ad network you should be able to be held liable when people pay you to advertise malware and you take the money and advertise the malware. There would be no malvertising if every instance you are caught results in an automatic $5000 dollar fine per impression. Same with data breaches, if every leak is an automatic $5,000 dollar fine per person, then there will be no more data breaches and end to end encryption will be more common.
-
@Catweazle I came across this nice (and very minor) tweak to the Google search string, which neatly bypasses the AI stuff:
-
@rseiler, I make it nicer and easier, I simply don't use Google for searches.
-
Nothing new that Google Search gives users more and more bad scam/malware links and some are linked by ad sites. Such sites are optimised to get high rate by google AI bot. Google search is optimzed for ads, not for security.
And AI Search gives you results which read nice and serious. AI is a good faker. -
@DoctorG, Andisearch does a good and reliable job. It even admits if it don't know or can't find the answer, offering to do a simple websearch with the search engine of your choice, it invents nothing to satisfy the user. Not all AI are the same, it mainly depends on the proposit of the devs, those from big corporation we already know.