Cybercriminals often rely on blackhat SEO techniques to lure unsuspecting internauts to their malicious sites. In one recent example, GFI Labs researchers have found that searching for “Windows Android Drivers” on Yahoo! can point to some nasty pieces of malware.
According to experts, when users visit one particular Russian website – bestdrivers-11.ru – they’re automatically served a file called install.exe.
When executed, this file unleashes a Trojan detected as Trojan.Win32.Generic!BT, which modifies the victim’s startup page in Internet Explorer, making it point to a Russian escort site.
In case victims visit the bestrivers-11 website from their Android phones, they’re presented with links to various other Russian domains which point to fake Google Play sites.
These rogue app markets are designed to distribute Trojans that help the crooks make a profit by sending SMS messages to premium rate numbers.
Experts warn users that the fake markets are very well designed and it’s easy to mistake them for the real deal.