SOPHOS, a US-based cybersecurity firm, has issued a warning to internet users about a unique cyber threat tied to a seemingly harmless search phrase: “Are Bengal Cats legal in Australia?” Hackers are reportedly exploiting this specific search term to lead users to malicious websites.
SEO poisoning leads to malware infection
By using SEO poisoning, cybercriminals have manipulated Google’s search results to rank these malware-laden sites highly, enticing users with what appear to be legitimate links. Once clicked, users risk infection by GootLoader malware, which can steal data, deploy ransomware, and install other harmful software.
GootLoader: Malware delivery platform
The Sophos report highlights that GootLoader, an evolved malware-delivery platform that has been repurposed by cybercriminals as an “initial access as a service” tool, relies heavily on search engine optimization (SEO) poisoning to trick users into clicking malicious links in their search results. The attackers rank these compromised websites highly on Google by leveraging popular search terms, such as “Are Bengal Cats legal in Australia?” Once a user clicks the link, a seemingly innocent .zip file is downloaded, containing JavaScript-based malware designed to evade detection.
Upon execution, the initial JavaScript downloads a second-stage payload, identified as GootKit—a remote access trojan (RAT) that establishes a foothold in the victim’s network. This malware is capable of persisting through multiple sessions and can later deploy other malicious software like ransomware.
Advice for safe internet browsing
SOPHOS cautions users to stay vigilant, avoid suspicious links, and be mindful of search phrases that may disguise potential cyber threats. They advise avoiding unusual or overly enticing search terms and being wary of search results on unfamiliar websites, as SEO-poisoned links continue to serve as a significant vector for initial malware compromises.