April 24, 2024

GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets.

GootLoader is a stealthy initial access malware, which after getting a foothold into the victim’s computer system, infects the system with ransomware or other lethal malware, mostly distributed by search engine poisoning

Advertisements

In earlier campaing it’s spreaded by drive-by download offensive that involved tricking users to visiting compromised WordPress websites belonging to legitimate businesses via a technique called search engine poisoning that pushes these sites to the top of the search results.

The mode of operation is to entice a business professional to one of the compromised websites and then have them click on the link, leading to Gootloader, which attempts to retrieve the final payload, whether it be ransomware, a banking trojan or intrusion tool and credential stealer.

Over 100,000 malicious webpages were set up last year across websites representing entities in the hotel industry, high-end retail, education, healthcare, music and visual arts, with one of the hacked websites hosting 150 rogue pages designed to social engineer users searching for postnuptial or intellectual property agreements.

Advertisements

The nature of GootLoader and the way it’s designed to provide a backdoor into systems implies that the goal of the attacks could be intelligence gathering, but it could also be utilised as a tool for delivering additional damaging payloads, including Cobalt Strike and ransomware, to compromised systems for follow-on attacks.

GootLoader relies heavily on social engineering to establish its foothold, from poisoning Google search results to fashioning the payload.To mitigate such threats, it’s recommended that organizations put in place a vetting process for business agreement samples, train employees on social engineering tactics.

Indicators of Compromise

  • human-to-dust[.]de
  • szandyhercegno[.]hu
Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

CrushFTP Zeroday Vulnerability Exploited in Wild attack

April 21, 2024

TheCyberThrone Security Week In Review – April 20, 2024

April 21, 2024

MITRE Breached Exploiting Ivanti Zeroday

April 20, 2024

GPT-4 can exploit vulnerabilities with ease

April 19, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading