Gootkit malware crew using SEO to get pwned websites in front of unwitting marks

Gootkit financial malware has been resurrected to fling ransomware payloads at unwitting marks, according to Sophos.


The infosec firm said today that “criminal operators have turned the infection method” for the malware “into a complex delivery platform for a wide range of malware, including ransomware.”

Gootkit is an exploit kit that has been around for a good few years. Originally its operators set out to compromise legitimate websites and redirect their traffic towards hostile sites containing malware.


Now, however, they’re using the eternally grey art of search engine optimisation (SEO) to get their malicious wares onto victims’ devices – and those malicious wares include payloads from the REvil ransomware crew, post-exploit artefacts from the Cobalt Strike ..
