Cybercriminals Use Fake Cat Websites To Deliver Malware
In a Rush? Here are the Quick Facts!
- Attackers use SEO tactics to make malicious sites rank high in search results.
- GootLoader malware downloads harmful files when users click on compromised sites.
- The malware enables further attacks by deploying info-stealing software called GootKit.
A new wave of cybercrime targeting Bengal cat enthusiasts in Australia has surfaced: hackers are deploying fake cat-related websites to trick unsuspecting users into downloading malicious software, as first uncovered by Sophos.
The scheme is part of a broader campaign by cybercriminals using a malware program known as GootLoader, which has previously been linked to harmful programs like REvil ransomware and the Gootkit banking trojan, as reported by Sophos.
These attackers rely on “search engine optimization (SEO) poisoning” to make their malicious sites appear at the top of search engine results for specific queries.
For example, people in Australia curious about Bengal cat ownership and legality might search online, only to find a fake, malware-laden site among the top results. When clicked, this site downloads harmful files onto their computer, says Sophos.
Once the malware, known as GootLoader, infiltrates a user’s system, it opens the door for a second stage of malware called GootKit.
GootKit is a “remote access trojan” (RAT) and information-stealing program that can stay hidden on the user’s device, potentially enabling hackers to access sensitive data, control files remotely, or even deploy ransomware, as reported by Sophos.
The cybercriminals behind GootLoader target users by directing them to compromised websites, disguised as legitimate sites containing answers to popular queries, reports Sophos.
In this case, the query “Are Bengal cats legal in Australia?” served as bait, luring users to download an infected file under the guise of informative content. Once downloaded, the malware can stay undetected, establishing a persistent foothold on the victim’s device and enabling further malicious activity, as reported by Sophos.
To protect against this threat, Sophos advises caution when clicking on links, particularly for search results that appear unusually high-ranking or seem unrelated to well-known websites.
While many security programs can detect GootLoader, users should still stay vigilant for suspicious ads or search results that lead to unfamiliar sites. As cybersecurity experts warn, if a search result or link seems too good to be true, it might just be bait.