Internet Storm Center researcher Bojan Zdrnja writes that the attackers are mostly targeting Wordpress sites, and are injecting PHP code that generates pages with images based on highly-searched content. Google then indexes these pages, and the images show up on Google's image search.

Image hack is widespread and effective

Image searchers can be redirected to these fake antivirus sites, thanks to Google displays images when clicked, Zdrnja wrote. At least 5,000 sites have been compromised, and Google could be serving as many as 15 million hits a month to these malicious pages.

Russian security researcher Denis Sinegubko said that, in about 90 percent of the compromised image searches, results from malicious websites appear on the first page.

"The main problem is not that cybercrooks managed to seriously poison Google Image search results but the fact that many people do click on such results and get exposed to malicious content," Sinegubko wrote to the on Thursday.