Cybersecurity experts warn that a new hacking campaign is targeting people who share an extremely specific set of interests.
According to cybersecurity firm SOPHOS, hackers have used a sophisticated set of tools to hijack the results of one particular Google search.
And the experts warn that searching for this specific six-word phrase could put you at serious risk of being hacked.
However, you aren’t likely to be in much danger unless you happen to live in Australia and have an interest in exotic cats.
SOPHOS warns that hackers are targeting anyone who searches: ‘Are Bengal Cats legal in Australia?’.
Searching for this phrase leads unsuspecting cat enthusiasts to malicious links loaded with malware.
Once your computer is infected, hackers can steal your information, take control of your computer, and hold your data for ransom.
In a blog post revealing the attack, SOPHOS engineers wrote: ‘Victims are often enticed into clicking on malicious adware or links disguised as legitimate marketing, or in this case a legitimate Google search.’
However, the security researchers hadn’t specifically set out to protect the interests of cat-loving Aussies.
Rather, they were investigating the use of a particularly powerful and common piece of malware called Gootloader.
This software has been around for about a decade and was previously the signature tool of the Russian REvil ransomware gang.
Hackers infect their target’s computers with Gootloader in order to stealthily install more powerful tools capable of stealing information like bank details or locking users out of their own data.
Typically, this is done using a technique called search engine optimization (SEO) poisoning.
SEO poisoning is an insidious technique in which criminals manipulate search engine results to push websites they control to the top of the page.
This lures victims into clicking on innocent-looking pages which secretly install Gootloader onto their device.
Normally, a hacker would want to poison a really common search term so that as many people as possible follow their malicious links.
Alternatively, hackers might go after specific high-value targets through which they could access the networks of a powerful institution like a bank or a hospital.
What makes this attack so strange is that it doesn’t seem to be targeting either of these groups.
Instead, the only people who could possibly be infected are those who happen to search for the extremely specific phrase ‘Are Bengal Cats legal in Australia?’.
During an investigation in May, the researchers found that an unknown ‘threat actor’ had poisoned this search through a link to an easily accessed online cat forum.
Following the hijacked link led to a normal-looking forum thread entitled ‘are bengal cats legal in Australia?’.
There, someone posing as an administrator posted a download link, ostensibly leading to more information on the topic.
However, rather than leading to any information about cats, this link actually installed a heavily disguised JavaScript file containing the virus.
The software was so cleverly hidden that researchers found the malicious code even included fake software licensing information to make it appear legitimate.
Once installed, the Gootloader malware could be remotely operated to give the attackers total control of their target’s computer.
However, it isn’t clear why any criminal would go to such great lengths to hack such a specific set of internet users.
It is possible that the hackers did have a specific cat-loving target in mind but this would be a very inefficient way to reach them compared to something like an email scam.
Another explanation could be that the hackers were simply testing out their new gear.
By picking an obscure term that very few people were likely to search, the cybercriminals might have been trying to see if their SEO poisoning had worked without drawing too much attention.
How to avoid getting scammed
To avoid encountering any malware online, the first thing you can do is avoid searching for ‘Are Bengal Cats legal in Australia?’.
However, if you absolutely need to know about cat legality, it is important that you are careful what you click on.
Avoid clicking on any links that seem suspicious or lead to sites you are not familiar with.
The SOPHOS engineers write: ‘Users should still look out for search results and search advertisements that seem too good to be true on domains that are off the beaten path – whether they’re looking to get a Bengal cat or not.’
Likewise, if you do end up on a suspicious site don’t follow any further links or download any files.
As a general rule, you should only download files from sites you absolutely trust and never from unknown sources.
If you think your computer may have been compromised, check your accounts for any suspicious activity and be sure to change your passwords as soon as possible.