Close Menu
TechurzTechurz
    What's Hot

    Station F ramps up as a launchpad for Europe’s hottest AI startups

    July 6, 2026

    Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent

    July 6, 2026

    Uber’s European expansion plans may have hit a speed bump

    July 5, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Station F ramps up as a launchpad for Europe’s hottest AI startups
    • Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent
    • Uber’s European expansion plans may have hit a speed bump
    • IQM, Europe’s first public quantum company, admits the future of the tech is uncertain
    • Indian tech tycoon bets $30M of his own money to build AI alternative to Microsoft Office
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - News - Be careful where you click in Google search results – it could be damaging malware
    News

    Be careful where you click in Google search results – it could be damaging malware

    TechurzBy TechurzJuly 8, 2025Updated:May 11, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Global Warning. Alert Sign On World Map
    Share
    Facebook Twitter LinkedIn Pinterest Email


    • Arctic Wolf spotted SEO-optimized fake download pages
    • The sites spoofed PuTTY and WinSCP
    • Experts warn IT teams to be careful when downloading software

    Experts have uncovered a malicious campaign using SEO-optimized fake landing pages to deploy a malware loader called Oyster.

    Cybersecurity researchers Arctic Wolf found threat actors have created numerous landing pages that impersonate PuTTY and WinSCP, two popular Windows tools used to connect securely to remote servers.

    These pages are seemingly identical to their legitimate counterparts, and when people search on Google for these tools (mostly IT, cybersecurity, and web development professionals), they could be tricked into opening the wrong website. Since nothing on the sites would raise their suspicion, they might download the tool – which would work as intended, but it would also deliver Oyster, a known malware loader that is also sometimes called Broomstick, or CleanUpLoader.


    You may like

    Other software abused, too

    “Upon execution, a backdoor known as Oyster/Broomstick is installed,” Arctic Wolf explained. “Persistence is established by creating a scheduled task that runs every three minutes, executing a malicious DLL (twain_96.dll) via rundll32.exe using the DllRegisterServer export, indicating the use of DLL registration as part of the persistence mechanism.”

    Oyster is a stealthy malware loader used to deliver additional malicious payloads onto infected Windows systems, often as part of multi-stage attacks. It uses techniques like process injection, string obfuscation, and command-and-control via HTTPS to evade detection and maintain persistence.

    These are some of the fake websites used in the attacks:

    updaterputty[.]com
    zephyrhype[.]com
    putty[.]run
    putty[.]bet, and
    puttyy[.]org

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    While Arctic Wolf only mentioned PuTTY and WinSCP, it stressed that other tools may have been abused in the same manner, too. “While only Trojanized versions of PuTTY and WinSCP have been observed in this campaign, it is possible that additional tools may also be involved,” they said.

    Out of an abundance of caution, IT pros are advised to only download software from trusted sources, and to type in addresses themselves, rather than just googling them and clicking on the top result.

    Via The Hacker News

    You might also like

    careful Click damaging Google malware results search
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleIDShield review | TechRadar
    Next Article Moonvalley’s ‘ethical’ AI video model for filmmakers is now publicly available
    Techurz
    • Website

    Related Posts

    Opinion

    Lovable signs multiyear deal with Google Cloud to up usage 5x, source says

    June 3, 2026
    Opinion

    Conntour raises $7M from General Catalyst, YC to build an AI search engine for security video systems

    March 26, 2026
    Opinion

    Delve did the security compliance on LiteLLM, an AI project hit by malware

    March 26, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    12 Father’s Day E-Card Sites That Are Actually Good

    June 4, 202523

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.