Multi-payload Gootloader platform stealthily delivers malware and ransomware
2021-03-02 05:30

The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware.

Sophos researchers have named the platform Gootloader.

The Gootloader infection chain begins with sophisticated social engineering techniques that involve hacked websites, malicious downloads, and manipulated search engine optimization.

Gootloader is currently delivering Kronos financial malware in Germany and the post-exploitation tool Cobalt Strike in the US and South Korea.

"The developers behind Gootkit appear to have shifted resources and energy from delivering just their own financial malware to creating a stealthy, complex delivery platform for all kinds of payloads, including REvil ransomware," said Gabor Szappanos, threat research director at Sophos.

The best overall protection against Gootloader attacks is a comprehensive security solution that can scan for suspicious activity in memory and protect against fileless malware.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/-WxiMmFR-8k/