Black Cat SEO Poisoning Campaign Targets Popular Software Searches
Summary
The Black Cat cybercrime gang has been linked to an SEO poisoning campaign that lures users into downloading malware through fraudulent sites advertising popular software. The campaign targets users searching for software like Google Chrome, Notepad++, QQ International, and iTools, redirecting them to fake download pages that install a backdoor Trojan capable of stealing sensitive data. The malware establishes contact with a remote server to exfiltrate data, including browser data, keystrokes, and clipboard contents. The campaign compromised approximately 277,800 hosts in China between January 7 and 20, 2025.
Timeline
07.01.2026 19:09 · 1 article
Black Cat SEO Poisoning Campaign Compromises 277,800 Hosts in China
Between January 7 and 20, 2025, the Black Cat cybercrime gang compromised approximately 277,800 hosts in China through an SEO poisoning campaign targeting popular software searches. The campaign uses fraudulent sites to distribute a backdoor Trojan that steals sensitive data, establishing contact with a remote server to exfiltrate data, including browser data, keystrokes, and clipboard contents.
Sources:
- Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches — thehackernews.com — 07.01.2026 19:09
Information Snippets
- Black Cat has been active since at least 2022, conducting data theft and remote control attacks via SEO poisoning campaigns.
  First reported: 07.01.2026 19:09 (1 source, 1 article)
- In 2023, Black Cat stole at least $160,000 worth of cryptocurrency by impersonating AICoin, a popular virtual currency trading platform.
  First reported: 07.01.2026 19:09 (1 source, 1 article)
- The latest campaign targets users searching for Notepad++, redirecting them to a phishing site that masquerades as being associated with the software.
  First reported: 07.01.2026 19:09 (1 source, 1 article)
- Other domains registered by Black Cat include 'cn-obsidian[.]com', 'cn-winscp[.]com', and 'notepadplusplus[.]cn'.
  First reported: 07.01.2026 19:09 (1 source, 1 article)
- The malware establishes contact with a hard-coded remote server ('sbido[.]com:2869') to exfiltrate data.
  First reported: 07.01.2026 19:09 (1 source, 1 article)
- The campaign compromised about 277,800 hosts in China between January 7 and 20, 2025, with a peak of 62,167 compromised machines in a single day.
  First reported: 07.01.2026 19:09 (1 source, 1 article)
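The domains and the hard-coded server listed above can be swept for in proxy or DNS logs. The following is an added example, not part of the original report: it refangs the page's indicators and matches them on label boundaries against constructed log lines. The `client METHOD target` log format and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Indicators exactly as listed on this page, in defanged form.
DEFANGED_IOCS = ["cn-obsidian[.]com", "cn-winscp[.]com",
                 "notepadplusplus[.]cn", "sbido[.]com:2869"]
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample lines in an assumed "client METHOD target" log format.
SAMPLE_LOG = [
    "10.0.0.5 GET https://notepad-plus-plus.org/downloads/",
    "10.0.0.7 GET http://www.notepadplusplus.cn/download.html",
    "10.0.0.7 CONNECT sbido.com:2869",
    "10.0.0.9 GET http://notsbido.com/",
    "10.0.0.8 GET https://CN-WinSCP.com./setup",
]

def refang(indicator):
    """Turn 'host[.]tld[:port]' into (host, port or None)."""
    host, _, port = indicator.replace("[.]", ".").lower().partition(":")
    return host, (int(port) if port else None)

IOCS = dict(refang(i) for i in DEFANGED_IOCS)  # host -> port or None

def match_ioc(host, port):
    """Match the indicator domain or any subdomain, on a label boundary only
    (so 'notsbido.com' is not a hit). Kind is 'c2' when the port also matches."""
    host = host.lower().rstrip(".")
    for ioc_host, ioc_port in IOCS.items():
        if host == ioc_host or host.endswith("." + ioc_host):
            kind = "c2" if ioc_port is not None and ioc_port == port else "domain"
            return ioc_host, kind
    return None

def parse_target(target):
    """Accept a full URL or a CONNECT-style 'host:port'."""
    parts = urlsplit(target if "://" in target else "//" + target)
    return (parts.hostname or "").rstrip("."), parts.port or DEFAULT_PORTS.get(parts.scheme)

def scan(lines):
    """Return (client, host, port, ioc, kind) for every line that hits an IoC."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        host, port = parse_target(fields[2])
        hit = match_ioc(host, port)
        if hit:
            hits.append((fields[0], host, port, *hit))
    return hits
```
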