Cat lovers, be warned – your passion could lead to your computer being hacked.
You may think searching ‘Are Bengal Cats legal in Australia?’ is a fairly innocuous – even informative – query.
But hackers are exploiting this niche interest to access computers, steal data, and hold it for ransom, cybersecurity experts warned.
They do this by hiding among the array of results presented by search engines like Google.
On first glance, they seem normal – a link like any other. But behind them is malware that will be downloaded onto your computer the moment you click them.
SOPHOS engineers said: ‘Victims are often enticed into clicking on malicious adware or links disguised as legitimate marketing, or in this case a legitimate Google search.’
One particularly powerful malware used in such schemes is Gootloader, once the signature weapon of Russian REvil, a ransomware gang.
This stealthily installs tools able to steal bank details and lock users out of their own data once it’s infected a computer.
SOPHOS realised the ‘Bengal Cats’ search had been poisoned during a an investigation they conducted in May.
What they found was a forum thread discussing the topic.
On there, someone posing as an administrator had posted a link claiming to lead visitors to more information.
But anyone clicking on it would get something they hadn’t bargained for – a heavily disguised JavaScript file, with the virus cloaked behind fake software licensing to make it appear legitimate.
It’s not known who is behind it, or why they’re targeting this particular passion group. Maybe they were targeting someone particular, or trying to test their strategy without drawing too much attention.
So how can you protect yourself from such scams? SOPHOS said: ‘Users should still look out for search results and search advertisements that seem too good to be true on domains that are off the beaten path – whether they’re looking to get a Bengal cat or not.’
If you do end up on an unfamiliar site, don’t start clicking random links and files you find there.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.