Gootkit Loader resurfaces with updated techniques to compromise targeted victims

On Sunday, Gootkit access-as-a-service (AaaS) malware operators resurfaced with updated tactics to compromise unsuspecting victims.

Trend Micro researchers Buddy Tancio and Jed Valderama said that in the past, Gootkit used freeware installers to mask malicious files; now it’s using legal documents to trick users into downloading these files.

The findings build on an earlier report from eSentire, which in January disclosed widespread attacks aimed at employees of accounting and law firms that deployed malware on the infected systems.

Gootkit is part of the proliferating underground ecosystem of access brokers, who are known for selling other malicious actors a route into corporate networks, paving the way for genuinely damaging follow-on attacks such as ransomware.

The loader uses manipulated search engine results, a technique called SEO poisoning, to lure unsuspecting users into visiting compromised websites that host malware-laced ZIP archives purportedly related to disclosure agreements for real estate transactions.

The researchers said, “The combination of SEO poisoning and compromised legitimate websites can mask indicators of malicious activity that would usually keep users on their guard.”
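As an added example (not from the article or from Trend Micro's research), the following Python scans constructed proxy log lines for the delivery pattern described above: a ZIP archive with a legal-document style name fetched straight from a search-engine result. The log format, the search-engine host list and the lure keywords are assumptions a defender would tune to their own environment.

```python
import re
from urllib.parse import urlparse

# Constructed proxy log lines (tab-separated: time, user, referrer, url, content-type).
# These are made-up sample values, not indicators from the article.
SAMPLE_LOGS = [
    "2022-07-11T09:14:02Z\talice\thttps://www.google.com/search?q=real+estate+disclosure+agreement"
    "\thttps://example-blog.invalid/wp-content/uploads/real_estate_disclosure_agreement.zip\tapplication/zip",
    "2022-07-11T09:20:45Z\tbob\thttps://intranet.corp.invalid/docs"
    "\thttps://intranet.corp.invalid/files/quarterly_report.zip\tapplication/zip",
    "2022-07-11T09:31:10Z\tcarol\thttps://www.bing.com/search?q=disclosure+agreement+template"
    "\thttps://example-blog.invalid/templates/disclosure_agreement_template.pdf\tapplication/pdf",
    "2022-07-11T09:40:33Z\tdave\thttps://duckduckgo.com/?q=purchase+agreement"
    "\thttps://another-site.invalid/downloads/purchase_agreement_form.zip\tapplication/zip",
]

# Hosts treated as search engines for the "arrived via a search result" check (assumed list).
SEARCH_ENGINE_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# Words typical of the legal-document lure names the article describes (assumed list).
LURE_WORDS = re.compile(r"agreement|disclosure|contract|real[-_ ]?estate", re.I)


def parse_line(line):
    """Split one log line into a dict; returns None for malformed lines."""
    parts = line.split("\t")
    if len(parts) != 5:
        return None
    return dict(zip(("time", "user", "referrer", "url", "content_type"), parts))


def is_seo_lure_download(entry):
    """True when a ZIP with a legal-document style name was fetched directly from a search result."""
    ref_host = urlparse(entry["referrer"]).netloc.lower()
    filename = urlparse(entry["url"]).path.rsplit("/", 1)[-1]
    is_zip = filename.lower().endswith(".zip") or entry["content_type"] == "application/zip"
    return ref_host in SEARCH_ENGINE_HOSTS and is_zip and LURE_WORDS.search(filename) is not None


def flag_downloads(lines):
    """Return (user, url) pairs worth triaging from an iterable of log lines."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_seo_lure_download(entry):
            hits.append((entry["user"], entry["url"]))
    return hits


if __name__ == "__main__":
    for user, url in flag_downloads(SAMPLE_LOGS):
        print(f"triage: {user} downloaded {url}")
```

Flagged rows are triage candidates, not verdicts: the archive contents and what the user executed afterwards still need to be examined.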
