A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. GootLoader is a stealthy malware classified as a first-stage downloader designed to attack Windows-based systems. It is considered an Initial-Access-as-a-Service (IAaaS) tool used within a ransomware-as-a-service (RaaS) criminal business model. The GootLoader group's introduction of their custom bot into the late stages of their attack chain is an at
The operators of the GootLoader campaign are targeting employees of accounting and law firms as part of a renewed effort of cyberattacks to deploy malware on infected systems. This is an unfortunate sign that the adversary is expanding its focus to other high-value targets. The Gootkit malware family has been around for five years or more, and is used to distribute code such as ransomware, which can encrypt the files on a Windows computer and only release them once a ransom is paid.
Note: this page contains paid content.
Please, subscribe to get an access.