Fake websites have recently surged in the Google search top rankings, tricking users into clicking on the malicious links. Cybersecurity experts have discovered a widespread phishing campaign that uses fake websites to trick users into downloading malware. These fake websites are climbing to the top of Google Search results by targeting popular tools like PuTTY and WinSCP, which IT professionals and developers widely use.
According to a report by The Hacker News, attackers have replicated the official landing pages of these trusted websites with convincing detail. They even use search engine optimisation (SEO) tricks to boost their visibility on Google. As users download the software from these fraudulent websites, a hidden malware loader known as Oyster attacks the device.
For the unversed, Oyster is a backdoor malware that quietly provides access to infected systems. The malware operates in the background using scheduled tasks, executes code through legitimate Windows processes, and communicates with command servers via encrypted channels to evade detection.
Also read: Gemini can access your WhatsApp chats even with activity turned off: Here’s how you can disable it
The report suggests that these fake websites appear so convincing that even experienced users may not notice anything suspicious. Currently, the scammers are targeting PuTTY and WinSCP; however, experts warn that other software tools could also be affected by the malware. Notably, these fake websites typically have domains such as updaterputty[.]com and zephyrhype[.]com, putty[.]run, putty[.]bet, and puttyy[.]org.
Also read: Meta reportedly offered over $200 million to poach Apple’s AI engineer
To protect themselves, users are advised to avoid clicking on random search results or unfamiliar links. Instead, they can type the official website address directly into the search tab or use a trusted bookmark. They are also asked to download software only from official sources to reduce the risk of infection.