
"According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and Beijing Weibu Online (aka ThreatBook), the activity is designed to strategically push bogus sites to the top of search results on search engines like Microsoft Bing, specifically targeting users looking for programs like Google Chrome, Notepad++, QQ International, and iTools. "After visiting these high-ranking phishing pages, users are lured by carefully constructed download pages, attempting to download software installation packages bundled with malicious programs," CNCERT/CC and ThreatBook said. "Once installed, the program implants a backdoor Trojan without the user's knowledge, leading to the theft of sensitive data from the host computer by attackers.""
"In the latest set of attacks, users searching for Notepad++ are served links to a convincing phishing site masquerading as associated with the software program ("cn-notepadplusplus[.]com"). Other domains registered by Black Cat include "cn-obsidian[.]com," "cn-winscp[.]com," and "notepadplusplus[.]cn." The inclusion of "cn" in the domain names indicates that the threat actors are specifically going after Chinese users who may be looking for such tools via search engines."
Black Cat operates SEO poisoning campaigns that elevate fraudulent websites to top search results on engines like Microsoft Bing. The campaigns target users searching for software such as Google Chrome, Notepad++, QQ International, and iTools. High-ranking phishing pages present convincing download pages that bundle legitimate installers with malicious programs. Installed packages implant a backdoor Trojan enabling remote control and theft of sensitive data from infected hosts. Black Cat has been active since at least 2022 and used similar tactics to steal at least $160,000 in cryptocurrency by impersonating AICoin in 2023. Several domains used in recent attacks include cn-notepadplusplus[.]com and notepadplusplus[.]cn, indicating a focus on Chinese users.
Read at The Hacker News
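A defender-side check for the domain pattern described above, added here as an example and not taken from the CNCERT/CC and ThreatBook report or from The Hacker News: it flags proxy-log hostnames that carry a tracked software name but do not sit on that software's official domain, and notes the "cn" markers. The official-domain allowlist, the log layout and the function names are assumptions, and the log lines are constructed.

```python
import re

# Assumption: brand token -> official download domains, maintained by the defender.
OFFICIAL = {
    "notepadplusplus": {"notepad-plus-plus.org"},
    "obsidian": {"obsidian.md"},
    "winscp": {"winscp.net"},
}

def refang(host):
    """Turn a defanged indicator (example[.]com) back into a plain hostname."""
    return host.replace("[.]", ".").strip().lower().rstrip(".")

def classify(host):
    """Return (brand, reasons) when host imitates a tracked brand, else None."""
    host = refang(host)
    labels = host.split(".")
    for brand, official in OFFICIAL.items():
        # Strip separators so "notepad-plus-plus" and "notepadplusplus" compare equal.
        hits = [l for l in labels[:-1] if brand in re.sub(r"[^a-z0-9]", "", l)]
        if not hits or any(host == d or host.endswith("." + d) for d in official):
            continue
        reasons = ["brand name on unofficial domain"]
        if any(l.startswith("cn-") for l in hits):
            reasons.append("cn- prefix")
        if labels[-1] == "cn":
            reasons.append(".cn TLD")
        return brand, reasons
    return None

# Constructed sample proxy log: timestamp, client, requested host, path.
# Hosts taken from the report stay defanged here; refang() accepts both forms.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z 10.0.0.5 notepad-plus-plus.org /downloads/
2025-01-01T09:00:07Z 10.0.0.8 cn-notepadplusplus[.]com /download.html
2025-01-01T09:01:12Z 10.0.0.8 notepadplusplus[.]cn /
2025-01-01T09:02:30Z 10.0.0.9 www.winscp.net /eng/download.php
2025-01-01T09:03:44Z 10.0.0.4 cn-obsidian[.]com /setup
"""

def scan(log):
    """Return (client, host, brand, reasons) for every suspicious request."""
    findings = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) >= 4 and (verdict := classify(parts[2])):
            findings.append((parts[1], refang(parts[2]), *verdict))
    return findings
```

Calling `scan(SAMPLE_LOG)` returns three findings; the two requests to official domains pass because the allowlist is checked before a brand match is reported.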