Man
Sophos has uncovered an unusual cyberattack in which criminals used the Gootloader malware to infect the computers of Bengal cat enthusiasts in Australia. Gootloader has been known since 2014; it can steal information or act as a downloader for other malware, including ransomware.
Cybercriminals usually target large companies, banks, or influencers, but this time the attackers went after users searching for an answer to the question "Are Bengal cats legal in Australia?" They created fake pages specifically tuned (SEO-poisoned) to reach the top of the search results for that query.
When users visited such a page, they were prompted to download a ZIP file. Opening the archive delivered the first stage of the malicious code to the computer. The browser was then automatically redirected to another site, which served a large JavaScript file; once run, it started a series of processes on the device.
Among those processes were signs that the attackers were trying to gain a foothold on the system and were passing PowerShell commands to deploy Gootkit, the third stage of the attack. That stage in turn brought in additional tooling such as Cobalt Strike and, ultimately, ransomware.
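The delivery chain described above (browser download of a ZIP, a JavaScript file run by the Windows script host, PowerShell spawned from it) lends itself to a simple process-tree detection. The following is an added example, not code from Sophos or from the original post: a small Python checker over constructed, Sysmon-style process-creation events that flags a script host (wscript.exe or cscript.exe) running a .js file from a user-writable download location and then spawning PowerShell. The event schema, process names, file paths and command lines are all assumptions made for illustration.

```python
"""Process-tree detection for the delivery chain described above
(browser -> ZIP -> JavaScript -> PowerShell).

Added example, not code from Sophos or the Gootloader report. Event fields
mirror a simplified Sysmon-style process-creation log; every sample event
below is constructed for illustration."""

from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event (constructed schema, not real Sysmon)."""

    pid: int
    ppid: int
    image: str  # executable name, lower-case, no path
    cmdline: str


# Windows script hosts that execute .js files extracted from a ZIP.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Processes from which a user typically launches a downloaded file.
LAUNCHERS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# User-writable locations where browser downloads and extracted archives land.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")


def _runs_js_from_user_writable(cmdline: str) -> bool:
    cl = cmdline.lower()
    return ".js" in cl and any(marker in cl for marker in USER_WRITABLE)


def find_script_to_powershell_chains(events: list[ProcEvent]) -> list[dict]:
    """Return one finding per powershell.exe whose parent is a script host
    running a .js file from a user-writable path and whose grandparent is a
    browser or Explorer (i.e. launched by a user, not by a service)."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for child in events:
        if child.image != "powershell.exe":
            continue
        parent = by_pid.get(child.ppid)
        if parent is None or parent.image not in SCRIPT_HOSTS:
            continue
        if not _runs_js_from_user_writable(parent.cmdline):
            continue
        grandparent = by_pid.get(parent.ppid)
        if grandparent is None or grandparent.image not in LAUNCHERS:
            continue
        findings.append({
            "launcher": grandparent.image,
            "script_host_pid": parent.pid,
            "script_cmdline": parent.cmdline,
            "powershell_pid": child.pid,
            "powershell_cmdline": child.cmdline,
        })
    return findings


# Constructed sample events: one Gootloader-style chain plus two benign
# look-alikes that must not fire (a vendor logon script under Program Files,
# and PowerShell started directly by Explorer). The .js name and the
# PowerShell arguments are placeholders, not observed values.
SAMPLE_EVENTS = [
    ProcEvent(2, 1, "explorer.exe", "C:\\Windows\\explorer.exe"),
    ProcEvent(100, 2, "chrome.exe", "chrome.exe"),
    ProcEvent(300, 2, "wscript.exe",
              'wscript.exe "C:\\Users\\alice\\Downloads\\bengal_cats_australia_legal.js"'),
    ProcEvent(400, 300, "powershell.exe",
              "powershell.exe -w hidden -ep bypass -c <second-stage-command>"),
    ProcEvent(500, 2, "wscript.exe",
              'wscript.exe "C:\\Program Files\\Vendor\\logon.js"'),
    ProcEvent(501, 500, "powershell.exe", "powershell.exe -File inventory.ps1"),
    ProcEvent(600, 2, "powershell.exe", "powershell.exe"),
]


if __name__ == "__main__":
    for f in find_script_to_powershell_chains(SAMPLE_EVENTS):
        print(f"ALERT launcher={f['launcher']} script host pid={f['script_host_pid']} "
              f"-> powershell pid={f['powershell_pid']}: {f['script_cmdline']}")
```

Run against the constructed events, only the chain rooted at pid 300 fires; the vendor logon script is excluded by the user-writable-path check and the bare PowerShell under Explorer by the script-host check. The grandparent test is a deliberate trade-off: it suppresses scheduled-task and service-launched scripts but will miss a chain where the .js is started by some other user process, so in production it is better expressed as a score than a hard gate.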
Sophos noted that Gootloader is part of a broad Malware-as-a-Service (MaaS) distribution scheme that actively uses search results to reach victims. The tactic of using SEO optimization and paid advertising on search platforms to get malicious files downloaded is not new: such methods have been popular among Initial Access Brokers (IABs) and ransomware groups since 2020.
Malicious advertising, or malvertising, also remains a serious problem, since it lets criminals spread malware through fake advertisements. Google has been criticized for allowing such sites to appear in search results, but the company says it takes action and removes such resources when they are found.
Source