Attacks using the GootLoader malware loader have targeted individuals researching whether Bengal cats are legal in Australia as part of a new, highly targeted campaign, reports The Hacker News.
Threat actors leveraged search results for the query 'Are Bengal Cats legal in Australia?', which, when clicked, enabled the download of a malicious ZIP archive that installs the GootKit information-stealing payload and remote access trojan, according to a Sophos report. A similar compromise has been enabled via searches for the query 'Do you need a license to own a Bengal cat in Australia', which were found to yield results redirecting to a breached Belgian LED display manufacturer's website. That site downloaded a ZIP archive that facilitated compromise with a PowerShell script that exfiltrates system data and retrieves payloads. "GootLoader is one of a number of continuing malware-delivery-as-a-service operations that heavily leverage search results as a means to reach victims," said Sophos researchers, who added that the loader's exploitation of search engine optimization and search engine advertising for the delivery of malicious payloads has been underway since 2020.