Search crimes – how the Gootkit gang poisons Google searches
2021-03-02 19:45

Given the danger that arises as soon as the crooks sneak into your network, it's as important to learn how malware gets delivered in the first place as it is to know what happens to your files when ransomware finally scrambles them.

The Gootkit malware family has been around more than half a decade - a mature Trojan with functionality centered around banking credential theft.

In the past, Sophos and other security experts have bundled the discussion of the malware itself with analysis of the delivery mechanism, but as this method has been adopted to deliver a wider range of malicious code, we assert that this mechanism deserves scrutiny, distinct from its payload, which is why we've decided to call it Gootloader.

The report goes into the sort of detail that is well worth knowing if you're interested in how modern malware embeds and extends itself inside a network, including a discussion of so-called "fileless" attacks.

Even if you aren't an assembly language expert or a malware analyst, the SophosLabs paper is well worth reading for its description of how the Gootloader criminals lure well-meaning users into installing the Gootloader malware in the first place.

Simply put, the crooks game Google's search engine, tricking Google into treating hacked websites as trustworthy sources, and presenting innocent users with apparently "perfect matches" to their search queries.


News URL

https://nakedsecurity.sophos.com/2021/03/02/search-crimes-how-the-gootkit-gang-poisons-google-searches/
