{"id":228549,"date":"2026-01-08T01:15:24","date_gmt":"2026-01-08T07:15:24","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/01\/black-cat-behind-seo-poisoning-malware-campaign-targeting-popular-software-searches"},"modified":"2026-01-08T01:15:24","modified_gmt":"2026-01-08T07:15:24","slug":"black-cat-behind-seo-poisoning-malware-campaign-targeting-popular-software-searches","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/01\/black-cat-behind-seo-poisoning-malware-campaign-targeting-popular-software-searches","title":{"rendered":"Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/black-cat-behind-seo-poisoning-malware-campaign-targeting-popular-software-searches2.jpg\"><\/a><\/p>\n<p>The malware establishes contact with a hard-coded remote server (\u201c<a href=\"https:\/\/www.virustotal.com\/gui\/domain\/sbido.com\/details\" rel=\"noopener\" target=\"_blank\">sbido[.]com:2869<\/a>\u201d), allowing it to steal web browser data, log keystrokes, extract clipboard contents, and other valuable information from the compromised host.<\/p>\n<p>CNCERT\/CC and ThreatBook noted that the Black Cat cybercrime syndicate has compromised about 277,800 hosts across China between December 7 and 20, 2025, with the highest daily number of compromised machines within the country scaling a high of 62,167.<\/p>\n<p>To mitigate the risk, users are advised to refrain from clicking on links from unknown sources and stick to trusted sources for downloading software.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The malware establishes contact with a hard-coded remote server (\u201csbido[.]com:2869\u201d), allowing it to steal web browser data, log keystrokes, extract clipboard contents, and other valuable information from the compromised host. CNCERT\/CC and ThreatBook noted that the Black Cat cybercrime syndicate has compromised about 277,800 hosts across China between December 7 and 20, 2025, with the [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-228549","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=228549"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228549\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=228549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=228549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=228549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}