GootLoader Hackers Targeting Employees of Law and Accounting Firms

Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets.
"GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, infects the system with ransomware or other lethal malware," researchers from eSentire said in a report shared with The Hacker News.
Malware can be delivered to targets' systems via many methods, including poisoned search results, fake updates, and trojanized applications downloaded from sites linking to pirated software.
The nature of GootLoader and the way it's designed to provide a backdoor into systems imply that the goal of the attacks could be intelligence gathering, but it could also be used as a tool for delivering additional damaging payloads, including Cobalt Strike and ransomware, to compromised systems for follow-on attacks.
"GootLoader's operators invite employees to seek, download, and execute their malware under the guise of a free business agreement template. This is particularly effective against legal firms, who may encounter uncommon requests from clients."
To mitigate such threats, it's recommended that organizations put in place a vetting process for business agreement samples, train employees to open documents only from trusted sources, and ensure that the content downloaded matches the content intended to be downloaded.
News URL
https://thehackernews.com/2022/01/gootloader-hackers-targeting-employees.html