Most of links lead to safe websites such as Wikipedia, but in some cases, they are also on personal blogs or news sites.
In an active campaign detected by Jerome Segura of Malwarebytes, attackers were redirecting users from a featured snippet for a Hungarian site to an online store where they were selling product keys for Microsoft Office.
If the user felt something was wrong when they clicked on a domain and ended up on another, by accessing the Hungarian site, they would actually end up redirected to a page hosting the Neutrino exploit kit, which in turn would infect them with the CryptMIC ransomware.
Hackers were able to trick Google’s search engine to classify the original website, a sports-related portal, as the best answer for an Office-related question, meaning Google has two problems instead of one.
Gaming SEO results isn’t something new by any means, but you’d expect this to happen with regular search results, not featured snippets.