BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Black Cat SEO Poisoning Pushes Fake Apps, Installs Backdoor.

SEO-poisoning campaign in China redirects users to fake software downloads that side-load a DLL backdoor to steal browser data, keystrokes and clipboard — ~277,800 hosts infected

  • Black Cat used SEO poisoning to place fake software download pages high in search results for Chinese users.
  • Malicious installers side-load a DLL to deploy a backdoor that steals browser data, keystrokes, and clipboard contents.
  • Researchers report about 277,800 compromised hosts in China during the campaign, with a peak day of 62,167 infections.

Black Cat, active since at least 2022, deployed an SEO poisoning campaign in China that pushed fake download sites for popular tools to the top of search results. According to a report by CNCERT/CC and ThreatBook, victims searching for programs such as Notepad++, Google Chrome, QQ International, and iTools were directed to convincing phishing sites.

- Advertisement -

"After visiting these high-ranking phishing pages, users are lured by carefully constructed download pages, attempting to download software installation packages bundled with malicious programs," the report stated. "Once installed, the program implants a backdoor Trojan without the user’s knowledge, leading to the theft of sensitive data from the host computer by attackers."

The attackers registered domains including cn-notepadplusplus[.]com, cn-obsidian[.]com, cn-winscp[.]com, and notepadplusplus[.]cn to target Chinese users. A fake download flow redirects victims to a GitHub-mimicking host (github.zh-cns[.]top) that serves a ZIP file. The ZIP contains an installer that places a desktop shortcut; that shortcut side-loads a malicious DLL which launches the backdoor.

The deployed backdoor contacts a hard-coded command server at sbido[.]com:2869. Once connected, the Malware can steal web browser data, capture keystrokes, and read clipboard contents.

The campaign has had wide impact in China. CNCERT/CC and ThreatBook reported roughly 277,800 compromised hosts between January 7 and January 20, 2025, with a single-day high of 62,167 machines. In 2023, the group also impersonated a cryptocurrency platform and stole about $160,000 in digital assets.

- Advertisement -

Users are advised to avoid links from unknown sources and download software only from trusted, official sites.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Oracle Shares Tumble 6.5% as Iran Conflict Sparks Market Sell-Off

Oracle shares fell 6.5% on Monday amid a market-wide sell-off triggered by the escalation...

FLEOA endorses CLARITY Act ahead of Senate recess

The CLARITY Act secured a second endorsement from a major law enforcement group, the...

OpenAI’s new guide: shorter prompts, better GPT-5.6 Sol results

OpenAI published a dedicated prompting guide for GPT-5.6 Sol that changes earlier advice.Internal coding-agent...

Bitcoin Drops 4% on Geopolitical Tensions, Market Risk-Off

Bitcoin fell to $61,750.90 on Monday, July 13, as geopolitical tensions over the Strait...

New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords

Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer...

Must Read

26 Best Investment Audiobooks on Audible

Looking to expand your financial knowledge? Me too..When I first started investing, I was completely lost. There were so many terms, strategies, and theories...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading