Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign

SUMMARY :

A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign uses Google search results for 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When users click on compromised links, a zip file containing obfuscated JavaScript is downloaded. This initial payload drops a larger JavaScript file, which creates a scheduled task for persistence. The second stage uses WScript and CScript to execute additional PowerShell commands. While the full deployment of GootKit was not observed in this case, the malware typically leads to information stealing and potential ransomware attacks. The campaign demonstrates the ongoing evolution of Gootloader's tactics and the continued threat of SEO poisoning for malware delivery.

OPENCTI LABELS :

powershell,initial access,javascript,seo poisoning,gootloader,scheduled task,gootkit


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign