Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
Essential information
- Published: 06/11/2024 14:29
- Modified: 06/11/2024 17:34
- Tags: 2024-11-06 gootkit gootloader initial access javascript powershell scheduled task seo poisoning
- Related entities: 14 observables, 1 intrusion set (APT), 2 malware, 1 other
Description
A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign relies on Google search results for the query 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When a user clicks one of the compromised links, a zip file containing obfuscated JavaScript is downloaded. This initial payload drops a larger JavaScript file, which creates a scheduled task for persistence. The second stage uses WScript and CScript to execute additional PowerShell commands. Although the full deployment of GootKit was not observed in this case, the malware typically leads to information stealing and, potentially, ransomware. The campaign demonstrates the ongoing evolution of Gootloader's tactics and the continued threat that SEO poisoning poses as a malware delivery method.