Beware! Hackers are using Google Search to trick you into downloading malware, here’s how

HIGHLIGHTS

Hackers use SEO to rank fake sites mimicking PuTTY and WinSCP, tricking users into downloading malware.

The malware silently runs in the background, providing remote access and avoiding detection through encrypted communication.

Always download software from official websites or trusted sources—never rely solely on search results.


Fake websites have recently surged to the top of Google Search rankings, tricking users into clicking malicious links. Cybersecurity experts have discovered a widespread phishing campaign that uses these fake websites to trick users into downloading malware. The sites climb to the top of Google Search results by targeting popular tools like PuTTY and WinSCP, which are widely used by IT professionals and developers.


According to a report by The Hacker News, attackers have replicated the official landing pages of these trusted websites in convincing detail. They also use search engine optimisation (SEO) tricks to boost their visibility on Google. When users download the software from these fraudulent websites, a hidden malware loader known as Oyster infects the device.

For the uninitiated, Oyster is a backdoor that quietly provides access to infected systems. The malware operates in the background using scheduled tasks, executes code through legitimate Windows processes, and communicates with command servers via encrypted channels to evade detection.


How to protect yourself from scammers?

The report suggests that these fake websites are convincing enough that even experienced users may not notice anything suspicious. Currently, the scammers are targeting PuTTY and WinSCP; however, experts warn that other software tools could also be targeted. Notably, the fake websites use domains such as updaterputty[.]com, zephyrhype[.]com, putty[.]run, putty[.]bet, and puttyy[.]org.


To protect themselves, users are advised to avoid clicking on random search results or unfamiliar links. Instead, they can type the official website address directly into the browser or use a trusted bookmark. They are also advised to download software only from official sources to reduce the risk of infection.
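The lookalike domains listed above lend themselves to a simple triage check over hostnames from proxy or DNS logs. The following is an added example, not code from the article or from The Hacker News report: it matches hostnames against the article's five domains and applies a brand-name heuristic. The official hosts (`chiark.greenend.org.uk`, `winscp.net`), the `BRANDS` tuple and the sample hostnames are assumptions made for the example.

```python
# Added example: triage hostnames from proxy/DNS logs for fake PuTTY/WinSCP sites.
# BLOCKLIST holds the domains named in the article, with the [.] defanging removed.
# OFFICIAL and BRANDS are assumptions made for this example, not from the article.
BLOCKLIST = {"updaterputty.com", "zephyrhype.com", "putty.run", "putty.bet", "puttyy.org"}
OFFICIAL = {"chiark.greenend.org.uk", "winscp.net"}  # assumed official hosts
BRANDS = ("putty", "winscp")

def refang(host):
    """Normalise a hostname: lower-case, undo [.] defanging, drop a trailing dot."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def under(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    return any(host == d or host.endswith("." + d) for d in domains)

def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def looks_like_brand(host):
    """Heuristic: some label contains a brand name or is one edit away from it."""
    labels = refang(host).replace("-", ".").split(".")
    return any(b in l or edit_distance(l, b) <= 1 for l in labels for b in BRANDS)

def classify(host):
    """Return 'known-bad', 'official', 'lookalike' or 'unrelated' for one hostname."""
    host = refang(host)
    if under(host, BLOCKLIST):
        return "known-bad"
    if under(host, OFFICIAL):
        return "official"
    return "lookalike" if looks_like_brand(host) else "unrelated"

# Constructed sample hostnames, as they might appear in a proxy log.
SAMPLE = ["download.updaterputty[.]com", "zephyrhype.com", "www.chiark.greenend.org.uk",
          "winscp.net", "puttty-download.example", "wnscp.example", "example.org"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{classify(h):10} {h}")
```

Note that `zephyrhype.com` carries no brand name, so only the exact blocklist match catches it; the heuristic complements indicator lists rather than replacing them.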

Himani Jha


Himani Jha is a tech news writer at Digit. Passionate about smartphones and consumer technology, she has contributed to leading publications such as Times Network, Gadgets 360, and Hindustan Times Tech for the past five years. When not immersed in gadgets, she enjoys exploring the vibrant culinary scene, discovering new cafes and restaurants, and indulging in her love for fine literature and timeless music.
