Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware
2023-03-01 14:02

Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates malware strains.

GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware.

It notably employs search engine optimization poisoning to funnel victims searching for business-related documents toward drive-by download sites that drop the JavaScript malware.

The disclosure from eSentire is the latest in a wave of attacks that have utilized the Gootkit malware loader to breach targets.

GootLoader is far from the only JavaScript malware targeting business professionals and law firm employees.

The infection chain is further significant for taking advantage of a website frequented by legal firms as a watering hole to distribute the malware.


News URL

https://thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html