Cybersecurity experts are warning internet users to avoid searching six specific words that might just get them hacked.
A new hacking campaign is targeting Aussies—and cat lovers. If you live in Australia and are curious about which types of cats are legal there, you might want to ask a professional and not research online. Hackers are targeting anyone who searches the phrase: “Are Bengal Cats legal in Australia?”
Videos by VICE
Cybersecurity firm SOPHOS claims that hackers are hijacking the results of this specific Google search, flooding the page with malicious links containing malware.
“Victims are often enticed into clicking on malicious adware or links disguised as legitimate marketing, or in this case a legitimate Google search directing the user to a compromised website hosting a malicious payload masquerading as the desired file,” SOPHOS wrote in a blog post.
These hackers are using malware called GootLoader, which has been around for nearly 10 years and was previously used by Russian actors.
“Once used exclusively by the cybercriminals behind REVil ransomware and the Gootkit banking trojan, GootLoader and its primary payload have evolved into an initial access as a service platform—with Gootkit providing information stealing capabilities as well as the capability to deploy post-exploitation tools and ransomware,” SOPHOS explained.
“Detection of a new GootLoader variant actively being used by adversaries earlier this year led to a broad threat hunting campaign by Sophos X-Ops MDR for GootLoader instances across customer environments,” SOPHOS continued.
They explained that these hackers are using what is called “SEO poisoning,” or “the use of search engine optimization tactics to put malicious websites controlled by GootLoader’s operators high in the results for specific search terms.”
In this case, for whatever reason, the actors were targeting Aussie cat lovers.
I’m not quite sure whether Bengal cats are legal in Australia, and quite frankly, I’m too scared to check now.
“Sophos endpoint protection blocks GootLoader through a number of behavioral and malware-specific detections,” wrote SOPHOS. “But users should still look out for search results and search advertisements that seem too good to be true on domains that are off the beaten path—whether they’re looking to get a Bengal Cat or not.”