
Gootloader

Posted: March 3, 2021

Gootloader is a new piece of malware related to the well-known Gootkit malware family, which has been around for several years. The new threat is used to load additional payloads on infected devices, and what is really new about it is the method its operators use to reach their victims. Cybercriminals often rely on deceptive advertisements and email attachments to deliver threatening software, but Gootloader's creators have adopted a different approach – they take over legitimate websites that have a good Google ranking for specific keywords and then inject corrupted code into their pages.

According to cybersecurity researchers, the websites that the hackers take over cover a broad range of topics, and the criminals often create new pages that claim to contain an answer to a very niche question that is likely to be popular on Google or other search engines. However, the criminals do not bother to match the fake question with the hacked website's topic – for example, a medical-related Web page was hosting a question about real estate. Users who are careful about the websites they interact with may notice that finding the answer to a real estate question on a medical practitioner's website is very odd, and some red flags are likely to be raised.

The fake answer published by the criminals behind Gootloader asks the victim to download an archive containing a threatening file. Judging by the languages used for the name of the payload, Gootloader is likely to target users in Germany, France, and South Korea, but the criminals are probably targeting other regions as well. It is believed that the Gootloader operators are running this campaign with the use of hundreds of compromised websites that rank high on search engines.

One of Gootloader's signature properties is its tendency to delay its execution – once the implant is loaded, it may not carry out any threatening activity for days. However, once it gets to work, it may quickly fetch additional malware from the server of the attackers. In the past, malware of the Gootkit family has been spotted downloading primarily ransomware and infostealers, and it is likely that the Gootloader campaign will not be any different. It is recommended to protect your system from attacks of this sort by using a reliable and regularly updated anti-virus tool.
