New research shows that criminal cyber actors are seemingly targeting Australians with a penchant for Bengal cats, a hybrid breed created by crossing the Asian leopard cat with domestic cats. According to Sophos, the threat actors use Gootloader, a popular malware strain that operates as an infostealer or as a loader dropped ahead of ransomware attacks, and target users who search "Are Bengal cats legal in Australia?" and similar questions.
In one example, the researchers found that such a search query returned a search engine optimization (SEO) poisoned forum page containing hyperlinked text that, if clicked, leads the user to download a .zip file. The Gootloader gang is particularly known for SEO poisoning, duping victims into clicking malicious links disguised as legitimate resources. This is only the first stage of the malware's payload.
After the download, the user is redirected to a different website that serves a large JavaScript file. Running it launches multiple processes on the user's device, which allow the threat actors to pass commands and establish persistence in order to deploy Gootkit, the second stage of the payload. The malware then acts as a precursor to other tools, such as ransomware or Cobalt Strike.
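The chain above (archive download, a large .js run by a script host, then follow-on processes) is the kind of sequence an endpoint detection rule can look for. The following is an added example, not code from Red Sky Alliance or Sophos: it scans constructed process-creation events for a Windows script host executing a .js file from a user download path and then collects the processes descended from it. Field names, size threshold, directory list and sample events are all assumptions made for illustration.

```python
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: user-writable locations where a browser-downloaded archive is usually extracted
DOWNLOAD_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")
LARGE_JS_BYTES = 1_000_000  # assumption: the report only says the file is "large"


def script_host_js_events(events):
    """Return (pid, reason) for script-host launches of a .js located in a download directory."""
    hits = []
    for e in events:
        image = PureWindowsPath(e["image"]).name.lower()
        if image not in SCRIPT_HOSTS:
            continue
        script = e.get("script_path", "").lower()
        if not script.endswith(".js") or not any(d in script for d in DOWNLOAD_DIRS):
            continue
        reason = "script host ran .js from user download path"
        if e.get("script_size", 0) >= LARGE_JS_BYTES:
            reason += " (large script)"
        hits.append((e["pid"], reason))
    return hits


def descendants(events, roots):
    """Transitively collect processes spawned under the flagged script hosts (the 'multiple processes' stage)."""
    found = set(roots)
    changed = True
    while changed:
        changed = False
        for e in events:
            if e.get("ppid") in found and e["pid"] not in found:
                found.add(e["pid"])
                changed = True
    return sorted(found - set(roots))


# Constructed sample events: a browser-spawned wscript.exe running a large .js from Downloads,
# its child cmd.exe and grandchild powershell.exe, and a benign vendor script that must not match.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\Browser\browser.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "script_path": r"C:\Users\alice\Downloads\forum_reply_1234\forum_reply_1234.js",
     "script_size": 2_400_000},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 500, "ppid": 1, "image": r"C:\Windows\System32\cscript.exe",
     "script_path": r"C:\Program Files\Vendor\maint.js", "script_size": 4_000},
]


def run(events=SAMPLE_EVENTS):
    """Return the flagged script-host launches and every process descended from them."""
    hits = script_host_js_events(events)
    return hits, descendants(events, {pid for pid, _ in hits})
```

Against real telemetry (e.g. Sysmon event ID 1) the same logic applies to the ParentImage/Image/CommandLine fields; the file-size check needs a separate file-event source.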
The detection of the Gootloader variant used in the attacks led to a threat-hunting campaign by Sophos X-Ops MDR. Its researchers report that they've "seen continued growth in this approach to initial compromise, with several massive campaigns using this technique over the past year."
See: https://redskyalliance.org/xindustry/new-gootloader-malware-gootbot
While there are protective controls that users can deploy to detect this kind of malware, they should also adhere to best practices and be wary of suspicious links or sources that seem questionable.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings:
https://register.gotowebinar.com/register/5378972949933166424