09-07-2025
Fake websites are climbing Google's search results, tricking users into downloading hidden malware
When searching for software on Google, it's important to be cautious about where you click - especially in the age of rampant phishing and hacking. Cybersecurity experts have uncovered a widespread campaign that uses fake websites to trick users into downloading malware. This scam targets popular tools like PuTTY and WinSCP, which are widely used by IT professionals and developers to connect securely to remote servers.
The trick behind the scam
Attackers have created fake landing pages that look almost identical to the official PuTTY and WinSCP websites. These counterfeit sites rank high in Google search results thanks to clever search engine optimisation techniques. When users visit these pages and download the software, it appears to work normally. However, the download also installs a hidden malware loader called Oyster. This malware acts as a backdoor and slyly allows attackers to install additional harmful software onto the infected computer.
Like most malware of its kind, Oyster is designed to be stealthy. It sets up a scheduled task that runs every three minutes, executing a malicious file through Windows system processes. It uses advanced methods like process injection and encrypted communication to avoid detection and maintain control over the compromised device.
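A defensive triage sketch for the persistence pattern described above, added here as an example and not taken from the original report: it parses a single task's XML export (for instance from `schtasks /query /tn <name> /xml`) and flags triggers that repeat every five minutes or less, along with the command the task runs. The sample task, its name, its command line and the 300-second threshold are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler XML exports.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample export; task name, command and DLL path are made up.
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\ExampleUpdater</URI></RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT3M</Interval></Repetition>
    </TimeTrigger>
  </Triggers>
  <Actions>
    <Exec>
      <Command>rundll32.exe</Command>
      <Arguments>C:\Users\Public\example.dll,Entry</Arguments>
    </Exec>
  </Actions>
</Task>"""

_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def interval_seconds(text):
    """Convert an ISO 8601 duration such as PT3M or P1D to seconds, else None."""
    m = _DURATION.match(text.strip())
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def short_interval_tasks(task_xml, max_seconds=300):
    """Return (task URI, interval in seconds, command line) per fast-repeating trigger."""
    root = ET.fromstring(task_xml)
    uri = root.findtext("t:RegistrationInfo/t:URI", "(unnamed)", NS)
    cmds = [
        " ".join(filter(None, (e.findtext("t:Command", "", NS), e.findtext("t:Arguments", "", NS))))
        for e in root.findall("t:Actions/t:Exec", NS)
    ]
    hits = []
    for node in root.findall("t:Triggers/*/t:Repetition/t:Interval", NS):
        secs = interval_seconds(node.text or "")
        if secs is not None and secs <= max_seconds:
            hits.append((uri, secs, "; ".join(cmds)))
    return hits

if __name__ == "__main__":
    print(short_interval_tasks(SAMPLE_TASK_XML))
```

A hit is a lead for review rather than a verdict: check who created the task and whether the file it launches belongs to software you installed.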
Why you should be careful
The fake domains involved in this campaign include updaterputty[.]com, zephyrhype[.]com, putty[.]run, putty[.]bet, and puttyy[.]org, as reported by The Hacker News. These sites are so convincing that even experienced users might not notice anything suspicious. While the campaign currently targets PuTTY and WinSCP, experts warn that other software tools could also be exploited in similar ways.
To protect yourself, avoid clicking on search results when downloading software, especially if the link looks unfamiliar. Instead, type the official website address directly into your browser or use trusted bookmarks. Downloading software only from official sources significantly reduces the risk of infection.
This campaign highlights how cybercriminals are increasingly using SEO manipulation to spread malware, making vigilance more important than ever. IT professionals and everyday users alike should stay alert and verify the authenticity of websites before downloading any software.
Taking these precautions can help keep your devices safe from malware that hides behind seemingly legitimate software downloads. Always double-check the source before clicking, especially when dealing with critical tools used for secure connections.