A new report from Securi, a website security provider, reveals that potentially malicious users have been adding themselves as verified webmasters of legitimate websites in the Google Search Console platform. Formerly known as Google Webmaster Tools, the Search Console provides information and tools for webmasters regarding search results, security issues, and Search Engine Optimization performance for their sites. 

The researchers believe that the hijacked accounts may be used for a number of potential reasons, including gathering statistics to inform other illegitimate search engine optimization campaigns, utilizing the identity of a verified website to submit their own spam-based web pages for Google to discover, testing their hacking campaigns against Google’s security notification system, and deleting the legitimate website owner’s access accounts so that they no longer receive notifications for a security breach of their website. 

The latter case would be the most problematic as webmasters typically receive notifications from Google Search Console when the search engine detects spam or security issues within their websites. Subsequently, a site which has been infected with malware can remain compromised for longer when the site’s legitimate webmaster has been deactivated as an account owner on the platform and no longer receives notifications. 

The researchers state that the current trend of hijacking Search Console accounts is linked to spam: “in our experience, verifying site ownership is currently mainly used in attacks that create tons of spammy doorway pages in Japanese (we see tens of thousands of affected sites, with over a billion created doorways).  They work in a niche of “cheap/fake brand goods” so you can normally detect them if you search your site for keywords like “louboutin“, “gucci“, “louis vuitton“, etc.