Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains. Attackers use Google search redirection and drive-by-download tactics to direct unsuspecting victims to the RAT. Typically a person who visits the infected site simply executes a binary disguised as a PDF by clicking on a purported form thus infecting his or her machine. Once a RAT is comfortably installed, the potential fraud activities are numerous, researchers noted.
Source: https://threatpost.com/google-sites-solarmarket-rat/165396/