Gootloader exploits websites via SEO to spread ransomware, trojans

Researchers have warned that Gootloader campaigns generally target users in the US, Germany, France, and South Korea.



 


The cybercriminal community has become quite sophisticated in its attack tactics, tricking Google into displaying malicious search results and putting millions of its users around the world at risk of malware infection.


In the latest example, Gootloader is back with additional capabilities and exploits websites via Search Engine Optimisation (SEO) to spread nasty banking trojans like Kronos.


Gootloader expanding payload delivery mechanism


Gootloader is a malware loader that previously distributed the Gootkit malware. However, the latest research from cybersecurity firm Sophos reveals that Gootloader has evolved into a sophisticated loader framework and has expanded its payload delivery beyond the Gootkit family of malware.


Researchers believe that the loader has undergone a renaissance as far as payload delivery is concerned, as it now includes the Kronos trojan and Cobalt Strike malware, and possibly REvil ransomware.


Sophos claims that the Gootloader campaigns generally target users in the US, Germany, France, and South Korea.


What is Gootloader?


It is a JavaScript-based malware tool or framework that previously delivered the Gootkit malware family, particularly the Gootkit remote access trojan. This malware family was discovered around 5 years back and has no ..