Bizarre Google Search Risk Claim is Overhyped

John Lister

Claims that typing "Are Bengal cats legal in Australia?" into Google could destroy your computer and empty your bank account are somewhat overblown. But beneath the hyperbole, there's an interesting tactic from hackers.

Numerous media sources have written stories about the supposed dangers of a "six word phrase" that users must not type for fear of exposing their personal data. The implication is that there's some sort of magical booby trap, but the reality is a little duller.

The problem was spotted by Sophos, which noted that several of the top search results for the query about the cats were bogus websites, part of a so-called "SEO poisoning" campaign. In most cases, the sites would attempt to deliver malware to the user's computer, taking advantage of bugs and flaws in browsers.

Info Stealer Malware

It's a tactic sometimes dubbed a "drive by attack" because, when it works, it doesn't require any action by the victim other than visiting the site. In this case it seems to be an evolution of an existing malware campaign that disguised the files through links in posts on discussion forums.

The malware in question, Gootloader, is particularly nasty. Sophos describes it as a "highly evasive info stealer and remote access" which also acts as a route in for other attacks such as ransomware. (Source: sophos.com)

This all means that some of the presentation of the story isn't quite accurate: simply typing the phrase into Google isn't enough to cause any harm; it's clicking on the resulting links that causes problems.

Neither is there anything particularly special about the phrase "Are Bengal cats legal in Australia?" It's either the phrase the hackers are using to test their approach, or simply one among many variants of the attack that Sophos happened to spot.

Search Term Targeting

The real key is that the hackers are using the same targeting tactics that many legitimate websites use when trying to attract an audience. They need to target a keyword that has enough interest to bring a big enough potential audience to make it worth building the website, but is obscure enough that there's limited competition and they stand a decent chance of getting high up in the rankings.

In this case the attackers are specifically targeting queries about Australia. This not only helps adjust the popularity/niche balance but also makes it more likely the victim will be comparatively financially well off.

And for anyone who is looking to answer the question, the Australian government says Bengal cats (a hybrid of an Asian leopard cat and a domestic cat) are legal, but can only be imported if there's documented proof the cross-breeding was at least five generations ago. (Source: gov.au)

What's Your Opinion?

Had you heard this story, including in the more scaremongering forms? Are you surprised at the tactic? Do you take more care when searching for particular phrases on Google?


Comments

Chief

Reminds me of PT Barnum.
But the internet adds an additional dimension: they don't have to pay to inside.

Remember the 900 telephone numbers? They were you call, you pay toll numbers.

This is very similar.

Create a seemingly innocuous phrase and get the curious to google it, thus driving traffic to your *maybe now, maybe later* infected site.

Caveat emptor