New GootLoader Malware Variant Evades Detection and Spreads Rapidly
A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection.
"The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole Villadsen said.
"This new variant is a lightweight but effective malware allowing attackers to rapidly spread throughout the network and deploy further payloads."
GootLoader, as the name implies, is malware capable of downloading next-stage malware after luring potential victims with search engine optimization (SEO) poisoning tactics.
"The use of GootBot points to a tactical shift, with the implant downloaded as a payload after a Gootloader infection in lieu of post-exploitation frameworks such as CobaltStrike."
"The discovery of the Gootbot variant highlights the lengths to which attackers will go to evade detection and operate in stealth," the researchers said.
News URL
https://thehackernews.com/2023/11/new-gootloader-malware-variant-evades.html