Don’t look for information about cats at work; you run the risk of being hacked
- Researchers have discovered a very specific SEO poisoning campaign
- The campaign drops a decade-old malware framework
- The end result is a Cobalt Strike beacon or ransomware
If you are an Australian interested in Bengal cats, be very careful when researching the subject online as you may get hacked.
That is the warning from Sophos cybersecurity researchers, who describe in a new report an SEO poisoning campaign targeting people searching for Bengal cats in Australia.
SEO poisoning is a malicious technique in which cybercriminals manipulate search engine rankings so that websites under their control appear at the top of the results. Users who visit these sites are served malware downloads or phished for sensitive data.
Limited operation
In this campaign, the crooks used Gootloader, a malware delivery framework primarily used to distribute other malware, such as ransomware and information-stealing trojans (including the Gootkit banking trojan). Sophos said it had seen Cobalt Strike beacons dropped, as well as several types of ransomware.
Gootloader has been around for a decade, and so has SEO poisoning. There is nothing unusual about the compromise method or the tools deployed by the hackers. What is striking is the subject the crooks chose for their lure: Bengal cats in Australia.
Typically, the crooks would either try to compromise as many computers as possible, or they would go after a specific high-value target, such as a financial institution or a hospital. In the first case, SEO poisoning is usually used to target a larger cohort, such as software developers or cryptocurrency users.
In this scenario, the only people who would potentially become infected would be those searching for “Are Bengal cats illegal in Australia?”.
One possible reason is that the attackers were testing their SEO poisoning strategies without drawing too much attention to themselves, and therefore chose the most niche subject they could find.
Via The Register