Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
Nov. 6, 2024, 5:34 p.m.
Tags
External References
Description
A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign uses Google search results for 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When users click on compromised links, a zip file containing obfuscated JavaScript is downloaded. This initial payload drops a larger JavaScript file, which creates a scheduled task for persistence. The second stage uses WScript and CScript to execute additional PowerShell commands. While the full deployment of GootKit was not observed in this case, the malware typically leads to information stealing and potential ransomware attacks. The campaign demonstrates the ongoing evolution of Gootloader's tactics and the continued threat of SEO poisoning for malware delivery.
Date
Published: Nov. 6, 2024, 2:29 p.m.
Created: Nov. 6, 2024, 2:29 p.m.
Modified: Nov. 6, 2024, 5:34 p.m.
Indicators
Attack Patterns
Gootloader
GootKit
Additional Information
Australia