Gootkit malware returns to life alongside REvil ransomware (November 2020)

After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany.
Gootkit bursts back to life with ransomware partnership.
When the user clicks on the link, they will download a ZIP file containing an obfuscated JS file that will install either the Gootkit malware or the REvil ransomware.
In a new report released today, Malwarebytes' researchers explain that the malicious JavaScript payloads carry out fileless attacks that deliver either Gootkit or REvil.
When launched, the JavaScript will connect to its command and control server and download another script that contains the malware payload. In Malwarebytes' analysis, this payload is usually Gootkit, but it was also REvil ransomware in some cases.