The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results.
Malware campaigns relying on Gootloader's mechanism were spotted last year delivering REvil ransomware to targets in Germany.
The actors regrouped by forming a vast network of hacked WordPress sites and using SEO poisoning so that fake forum posts containing malicious links appear in Google search results.
A report today from cybersecurity company Sophos estimates that Gootloader controls about 400 servers active at any time that host hacked, legitimate websites.
According to Sophos, Gootloader campaigns target visitors from the U.S., Germany, and South Korea.
Sophos has published a technical analysis of the Gootloader infection chain and has made indicators of compromise and a Yara rule for its malicious JavaScript files available on its GitHub page.