Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign

Nov. 6, 2024, 5:34 p.m.

Description

A new Gootloader variant has been observed using search engine optimization (SEO) poisoning to target Australians interested in Bengal cats. The campaign seeds Google results for the query 'Are Bengal Cats legal in Australia?' with links to compromised websites; a visitor who follows one of them is served a zip archive containing an obfuscated JavaScript file. When the user runs that script, it drops a larger JavaScript file and creates a scheduled task so the second stage persists. The second stage is executed through the Windows Script Host binaries (wscript.exe and cscript.exe) and in turn launches further PowerShell commands. Full deployment of GootKit was not observed in this case, but Gootloader infections typically progress to information stealing and can precede ransomware. The campaign shows the continued evolution of Gootloader's delivery tactics and the persistent threat that SEO poisoning poses for malware distribution.
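The execution chain in the description (zip, obfuscated .js run by a script host, a dropped second-stage .js, a scheduled task, wscript.exe/cscript.exe launching PowerShell) is what a defender can hunt for in process-creation telemetry. The detector below is an added example and is not code from the original post or from the researchers who reported the campaign; the event records, file names, task name and PowerShell arguments are constructed for illustration and are not indicators from this campaign.

```python
"""Flag Gootloader-style execution chains in process-creation events.

Added example: the rule names, the ProcEvent shape and SAMPLE_EVENTS are
assumptions made here, not telemetry or detection content from the report.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Windows Script Host binaries Gootloader relies on to run its .js stages.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# A .js file under a per-user writable directory (Downloads, AppData, Temp).
# Matched against the lower-cased command line, so only lower-case letters appear.
JS_IN_USER_DIR = re.compile(
    r'[a-z]:\\users\\[^\\\s"]+\\(?:downloads|appdata|temp)\\[^"\s]*\.js\b'
)


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (the fields Sysmon event ID 1 or EDR telemetry carry)."""
    pid: int
    ppid: int
    image: str      # basename of the executable
    cmdline: str


def detect_gootloader_chain(events: Iterable[ProcEvent]) -> List[Tuple[str, int]]:
    """Return (rule_name, pid) for each event that matches one stage of the chain.

    Stages mirror the description above:
      1. a script host executes a .js from a user-writable directory (the
         extracted zip payload or the dropped second-stage file);
      2. schtasks.exe creates a task whose action is a script host running a .js;
      3. a script host is the parent of powershell.exe.
    """
    events = list(events)                       # allow generators to be passed in
    by_pid = {e.pid: e for e in events}
    findings: List[Tuple[str, int]] = []
    for e in events:
        image = e.image.lower()
        cmd = e.cmdline.lower()
        parent = by_pid.get(e.ppid)

        if image in SCRIPT_HOSTS and JS_IN_USER_DIR.search(cmd):
            findings.append(("script_host_runs_js_from_user_dir", e.pid))

        if (image == "schtasks.exe" and "/create" in cmd
                and any(host in cmd for host in SCRIPT_HOSTS) and ".js" in cmd):
            findings.append(("schtasks_persists_js_script", e.pid))

        if (image == "powershell.exe" and parent is not None
                and parent.image.lower() in SCRIPT_HOSTS):
            findings.append(("script_host_spawns_powershell", e.pid))
    return findings


# Constructed telemetry: hypothetical user, file and task names, not campaign IOCs.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "C:\\Windows\\explorer.exe"),
    # Stage 1: the user opens the .js extracted from the downloaded zip.
    ProcEvent(200, 100, "wscript.exe",
              '"C:\\Windows\\System32\\wscript.exe" '
              '"C:\\Users\\alice\\Downloads\\bengal_cats_australia\\bengal_cats_australia.js"'),
    # Stage 2: the dropped, larger .js is registered as a scheduled task.
    ProcEvent(201, 200, "schtasks.exe",
              'schtasks.exe /create /tn "Example Task" '
              '/tr "wscript.exe C:\\Users\\alice\\AppData\\Roaming\\Example\\example.js" /sc onlogon'),
    # Later the task fires: cscript.exe runs the second stage, which launches PowerShell.
    ProcEvent(300, 50, "cscript.exe",
              "cscript.exe C:\\Users\\alice\\AppData\\Roaming\\Example\\example.js"),
    ProcEvent(301, 300, "powershell.exe",
              'powershell.exe -NoProfile -WindowStyle Hidden -Command "..."'),
    # Benign noise: PowerShell opened from Explorer; a logon script from a system path.
    ProcEvent(400, 100, "powershell.exe", "powershell.exe"),
    ProcEvent(401, 100, "wscript.exe", "wscript.exe C:\\Windows\\SYSVOL\\logon.js"),
]

if __name__ == "__main__":
    for rule, pid in detect_gootloader_chain(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Each rule fires on its own, so the script-host-to-PowerShell parent relationship is caught even when the dropped .js lives somewhere the path regex does not cover; correlating the three rule hits by user or host over a short window is what turns them into a high-confidence Gootloader alert rather than three separate low-severity events.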

Date

Published: Nov. 6, 2024, 2:29 p.m.

Created: Nov. 6, 2024, 2:29 p.m.

Modified: Nov. 6, 2024, 5:34 p.m.

Indicators

ea781eef1da03ea2c3b5250ce26b00445d8a5123bbb0575c583211cca53c61db

9a7e79d4ff235feb12672979dfc073d2b4572233772ae500ef6b69c670a9820e

5f2c97499943878d853332da541138bd6ccbafca7e00d6f90d06545b27b66ca3

435f48667b32c3ab8bb806a8783c0fc40af86e6c5cbf6f621d6e1a3f331483ed

www.chanderbhushan.com

wyantgroup.com

wowart.vn

serviciilaser.ro

rkbaienfurt.de

playyourbeat.com

metropole.com.au

ledabel.be

fannisho.com

climatehero.me

Attack Patterns

Gootloader

GootKit

Additional Information

Australia