Gootkit Loader Resurfaces With Tactics To Compromise Targeted Computers

“Previously, Gootkit used freeware installers to disguise malicious documents; now, it uses authorized files to trick customers into downloading these files,” Trend Micro researchers Jed Valderama and Buddy Tancio stated in a write-up last week.

The findings add to a previous report from eSentire, which revealed in January widespread attacks aimed at accounting and law firm employees in order to deploy malware on infected systems.

Gootkit is part of a growing underground ecosystem of access brokers, who are known to provide other cybercriminals with a path into corporate networks in exchange for a fee, paving way for actual damaging attacks like ransomware.

The loader utilizes malicious search engine results, a technique known as SEO poisoning, to trick unsuspecting users into visiting compromised websites hosting ZIP package files laced with malware purportedly related to real estate disclosure agreements.

The ZIP file, for its part, contains a JavaScript file that loads a Cobalt Strike binary, a post-exploitation tool that in this chain is run filelessly in memory.
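As an added defender-side example (not code from the article or from the Trend Micro report), a small Python check that flags ZIP archives whose members are script files carrying document-like lure names, the pattern described above; the extension list, keyword list and the constructed sample archive are assumptions.

```python
import io
import zipfile

# Script extensions commonly abused as "document" lures inside ZIP archives
# (the chain above drops a .js file); the set and keywords are assumptions.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs", ".hta"}
LURE_KEYWORDS = ("agreement", "contract", "disclosure", "invoice", "form")


def suspicious_members(zip_bytes: bytes) -> list:
    """Return findings for archive members that look like script lures."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        for info in members:
            name = info.filename.lower()
            stem = name.rsplit("/", 1)[-1]
            ext = "." + stem.rsplit(".", 1)[-1] if "." in stem else ""
            if ext not in SCRIPT_EXTENSIONS:
                continue
            reasons = ["script member in archive"]
            if any(k in stem for k in LURE_KEYWORDS):
                reasons.append("document-like lure name")
            # A lone script as the only member matches the lure described above.
            if len(members) == 1:
                reasons.append("sole member")
            findings.append({"member": info.filename,
                             "size": info.file_size,
                             "reasons": reasons})
    return findings


def build_sample(member_name: str, payload: bytes) -> bytes:
    """Construct a sample archive in memory (test data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample("real_estate_disclosure_agreement_2022.js", b"// inert\n")
    for finding in suspicious_members(lure):
        print(finding)
    benign = build_sample("disclosure_agreement.pdf", b"%PDF-1.4 placeholder")
    print(suspicious_members(benign))  # -> []
```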

According to the researchers, “the combination of SEO poisoning and compromised legitimate websites can mask indicators of malicious activity that would normally keep users on their guard.”

The researchers concluded that “Gootkit is still active and improving its techniques,” adding, “This suggests that this operation has proven effective, as other threat actors appear to be continuing to use it.”

12 thoughts on “Gootkit Loader Resurfaces With Tactics To Compromise Targeted Computers”

  1. I may need your help. I’ve been doing research on gate io recently, and I’ve tried a lot of different things. Later, I read your article, and I think your way of writing has given me some innovative ideas, thank you very much.

  2. I may need your help. I tried many ways but couldn’t solve it, but after reading your article, I think you have a way to help me. I’m looking forward for your reply. Thanks.

  3. I am extremely impressed with your writing skills as well as with the layout on your blog. Is this a paid theme or did you modify it yourself? Anyway keep up the nice quality writing, it’s rare to see a nice blog like this one these days.

  4. I am curious to find out what blog platform you are utilizing? I’m experiencing some minor security issues with my latest site and I’d like to find something more safe. Do you have any solutions?
