The Gootloader malware loader, previously used for distributing the Gootkit malware family, has undergone a renaissance when it comes to payload delivery. It has expanded the number of payloads its delivers to include the Kronos trojan and the Cobalt Strike commodity malware. This technique leverages SEO-friendly terms in attacker-controlled websites, in order to rank them higher in Google s search index. In the end, the method brings more eyeballs to the malicious sites, which contain links that launch the attack chain.
Source: https://threatpost.com/malware-loader-google-seo-payload/164377/