
Gootloader Cyberattackers Target Bengal-Cat Aficionados in Oz

It's unclear what the threat actors have against this particular breed of cat, but it's taking down the kitty's enthusiasts with SEO-poisoned links and malware payloads.

Dark Reading Staff, Dark Reading

November 7, 2024

2 adult Bengal cats in an apartment
Source: Juniors Bildarchiv GmbH via Alamy Stock Photo

New research shows that criminal cyber actors are seemingly targeting Australians who have a penchant for Bengal cats, a hybrid breed created by crossing the Asian leopard cat with domestic breeds.

Sophos found that the threat actors, armed with Gootloader, a popular malware strain often used as an infostealer or as a dropper deployed ahead of ransomware attacks, are targeting users who search "Are Bengal cats legal in Australia?" and similar questions.

In one example, the researchers found that this kind of search query returned a search engine optimization (SEO)-poisoned forum page whose hyperlinked text, if clicked, led the user to download a .zip file. SEO poisoning is what the Gootloader gang is particularly known for: duping victims into clicking on malicious links disguised as legitimate resources.

And this is just the first stage of the malware's payload.

Following the download, the user is redirected to a different website containing a large JavaScript file. This leads to multiple processes being run on the user's device, allowing the threat actors to pass commands and establish persistence in order to deploy Gootkit — the second stage of the payload — which then acts as a precursor to other tools, such as ransomware or Cobalt Strike.
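As an added illustration of how a defender might hunt for the chain described above (a .zip download followed by a large JavaScript file being executed), the following is example detection logic written for this article, not Sophos code; the script-host names, download-path patterns, size threshold and sample telemetry are all assumptions constructed here.

```python
"""Flag a Windows script host running a large .js file from a user download
location, the endpoint pattern implied by the Gootloader chain above.
Constructed example; log shape and thresholds are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Interpreters that execute .js files on Windows (assumed relevant here)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# User-writable folders where a browser download or zip extraction lands
USER_PATHS = re.compile(r"\\(Downloads|Temp|AppData)\\", re.IGNORECASE)
# Assumed threshold for a "large" JavaScript payload, in bytes
LARGE_SCRIPT_BYTES = 1_000_000


@dataclass
class ProcEvent:
    image: str        # executable name of the new process
    cmdline: str      # full command line
    script_size: int  # byte size of the script argument, if known


def js_argument(cmdline: str) -> Optional[str]:
    """Return the first .js path found on the command line, if any."""
    m = re.search(r'"?([^"\s]+\.js)"?', cmdline, re.IGNORECASE)
    return m.group(1) if m else None


def is_suspicious(ev: ProcEvent) -> bool:
    """True when a script host runs a large .js from a user download path."""
    if ev.image.lower() not in SCRIPT_HOSTS:
        return False
    path = js_argument(ev.cmdline)
    if path is None or not USER_PATHS.search(path):
        return False
    return ev.script_size >= LARGE_SCRIPT_BYTES


def triage(events: List[ProcEvent]) -> List[ProcEvent]:
    """Return only the events worth an analyst's attention."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample telemetry (not from the article or from Sophos)
SAMPLE = [
    ProcEvent("wscript.exe", r'wscript.exe "C:\Users\a\Downloads\bengal_cats_legal.js"', 2_400_000),
    ProcEvent("wscript.exe", r'wscript.exe C:\Program Files\Vendor\setup.js', 12_000),
    ProcEvent("chrome.exe", r'chrome.exe --type=renderer', 0),
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print("ALERT:", e.cmdline)
```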

The detection of the Gootloader variant used in the attacks led to a threat-hunting campaign by Sophos X-Ops MDR, with its researchers reporting that they've "seen continued growth in this approach to initial compromise, with several massive campaigns using this technique over the past year."

And while there are protections that users can implement to detect this kind of malware, it's best that they adhere to best practices and be wary of suspicious links or questionable sources.
