
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

Published:

7 January 2026 at 17:09:00

Alert date:

7 January 2026 at 19:02:29

Source:

thehackernews.com


Ransomware & Malware, Web Technologies, Data Breach & Exfiltration

The Black Cat cybercrime gang is conducting an SEO poisoning campaign using fraudulent websites that advertise popular software downloads. The campaign tricks users into downloading backdoor malware capable of stealing sensitive data, using search engine optimization techniques to make the malicious sites appear in legitimate software search results. This is an active threat to users searching for popular software applications. The campaign was identified and reported by China's CNCERT/CC.

Technical details

The Black Cat cybercrime gang conducts SEO poisoning campaigns using fraudulent websites that rank high in search results on Microsoft Bing. Users searching for popular software are redirected to phishing sites, then to fake GitHub pages, to download ZIP archives containing malicious installers. The installer creates a desktop shortcut that side-loads a malicious DLL, which launches a backdoor that connects to sbido.com:2869. The malware steals browser data, logs keystrokes, extracts clipboard contents, and exfiltrates the collected sensitive information. Between January 7-20, 2025, the campaign compromised approximately 277,800 hosts in China.

Mitigation steps:

Refrain from clicking on links from unknown sources, and download software only from trusted sources.

Affected products:

Google Chrome
Notepad++
QQ International
iTools
AICoin

Related links:

Related CVEs:

Related threat actors:

IOCs:

cn-notepadplusplus[.]com, cn-obsidian[.]com, cn-winscp[.]com, notepadplusplus[.]cn, github.zh-cns[.]top, sbido[.]com:2869
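As an added example (not part of this advisory or of the original CNCERT/CC report), the following Python script refangs the IOC list above and scans web-proxy log lines for contact with those hosts, including their subdomains. A connection to sbido.com on a port other than the reported 2869 is reported at lower confidence rather than ignored. The log format, source addresses and sample lines are constructed for illustration.

```python
# Added example: match proxy/DNS log lines against the advisory's defanged IOCs.
# The log format and sample lines below are constructed, not taken from any report.
import re
from dataclasses import dataclass
from typing import List, Optional

# IOCs exactly as listed in the advisory (defanged with "[.]").
IOCS_DEFANGED = [
    "cn-notepadplusplus[.]com",
    "cn-obsidian[.]com",
    "cn-winscp[.]com",
    "notepadplusplus[.]cn",
    "github.zh-cns[.]top",
    "sbido[.]com:2869",
]


@dataclass(frozen=True)
class Indicator:
    host: str
    port: Optional[int]  # None means "any port"


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    host: str
    port: int
    indicator: str
    confidence: str  # "high" when host and port agree, "medium" on host-only match


def refang(ioc: str) -> str:
    """Turn 'example[.]com:1234' into 'example.com:1234' (lower-cased)."""
    return ioc.replace("[.]", ".").lower()


def load_indicators(defanged: List[str]) -> List[Indicator]:
    out = []
    for entry in defanged:
        host, _, port = refang(entry).partition(":")
        out.append(Indicator(host, int(port) if port else None))
    return out


def host_matches(observed: str, ioc_host: str) -> bool:
    """Exact match, or a subdomain of the indicator host (not a look-alike suffix)."""
    observed = observed.lower().rstrip(".")
    return observed == ioc_host or observed.endswith("." + ioc_host)


# Constructed log format: "<timestamp> <src_ip> <dst_host> <dst_port> <action>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<host>\S+)\s+(?P<port>\d+)\s+(?P<action>\S+)$"
)


def scan_log(lines: List[str], indicators: List[Indicator]) -> List[Hit]:
    """Return one Hit per log line whose destination matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the constructed format
        host, port = m["host"].lower(), int(m["port"])
        for ind in indicators:
            if not host_matches(host, ind.host):
                continue
            conf = "high" if ind.port is None or ind.port == port else "medium"
            hits.append(Hit(m["ts"], m["src"], host, port, ind.host, conf))
            break
    return hits


# Constructed sample log: one benign line, four direct matches, one port mismatch.
SAMPLE_LOG = """\
2026-01-07T10:01:02Z 10.0.0.12 downloads.example.org 443 allowed
2026-01-07T10:02:15Z 10.0.0.12 cn-notepadplusplus.com 443 allowed
2026-01-07T10:02:40Z 10.0.0.12 github.zh-cns.top 443 allowed
2026-01-07T10:05:09Z 10.0.0.12 sbido.com 2869 allowed
2026-01-07T10:05:30Z 10.0.0.13 sbido.com 443 allowed
2026-01-07T10:06:00Z 10.0.0.14 cdn.cn-winscp.com 443 allowed
""".splitlines()

INDICATORS = load_indicators(IOCS_DEFANGED)
HITS = scan_log(SAMPLE_LOG, INDICATORS)

if __name__ == "__main__":
    for h in HITS:
        print(f"{h.ts} {h.src} -> {h.host}:{h.port} matches {h.indicator} [{h.confidence}]")
```

The subdomain check deliberately requires a leading dot, so a registrable look-alike such as a host merely ending in "cn-winscp.com" without the dot does not match; feed the script your own proxy or DNS export by replacing SAMPLE_LOG and adjusting LOG_RE to that export's column order.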

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
