...
...
Next Story

Fake websites are climbing Google’s search results, tricking users into downloading hidden malware

A new scam is using fake websites high in Google search results to trick people into downloading hidden malware.

Updated on: Jul 09, 2025 03:04 PM IST

When searching for software on Google, it’s important to be cautious about where you click - especially in the age of rampant phishing and hacking. Cybersecurity experts have uncovered a widespread campaign that uses fake websites to trick users into downloading malware. This scam targets popular tools like PuTTY and WinSCP, which are widely used by IT professionals and developers to connect securely to remote servers.

The trick behind the scam

A convincing fake website, nearly identical to the real thing, can hide malware in plain sight for unsuspecting users. (Unsplash)
A convincing fake website, nearly identical to the real thing, can hide malware in plain sight for unsuspecting users. (Unsplash)

It's an exciting time to be in love in with tech - whether it is AI solutions, the pace of gadget development, and other related technologies. As a tech journalist, I believe it has the potential to solve all of world's problems if used holistically, and my job is make to it more relatable and understandable.

Read moreRead less

Attackers have created fake landing pages that look almost identical to the official PuTTY and WinSCP websites. These counterfeit sites rank high in Google search results thanks to clever search engine optimisation techniques. When users visit these pages and download the software, it appears to work normally. However, the download also installs a hidden malware loader called Oyster. This malware acts as a backdoor and slyly allows attackers to install additional harmful software onto the infected computer.

As is true for most tools of the same trade, Oyster is designed to be stealthy. It sets up a scheduled task that runs every three minutes, executing a malicious file through Windows system processes. It uses advanced methods like process injection and encrypted communication to avoid detection and maintain control over the compromised device.

Why you should be careful

The fake domains involved in this campaign include updaterputty[.]com, zephyrhype[.]com, putty[.]run, putty[.]bet, and puttyy[.]org, as reported by The Hacker News. These sites are so convincing that even experienced users might not notice anything suspicious. While the campaign currently targets PuTTY and WinSCP, experts warn that other software tools could also be exploited in similar ways.

To protect yourself, avoid clicking on search results when downloading software, especially if the link looks unfamiliar. Instead, type the official website address directly into your browser or use trusted bookmarks. Downloading software only from official sources significantly reduces the risk of infection.

This campaign highlights how cybercriminals are increasingly using SEO manipulation to spread malware, making vigilance more important than ever. IT professionals and everyday users alike should stay alert and verify the authenticity of websites before downloading any software.

 
SHARE THIS ARTICLE ON