Gootkit Archives - Security Affairs

Pierluigi Paganini January 11, 2023

Gootkit Loader campaign targets Australian Healthcare Industry

Threat actors are targeting organizations in the Australian healthcare sector with the Gootkit malware loader. Trend Micro researchers warn that Gootkit Loader is actively targeting the Australian healthcare industry. The experts analyzed a series of attacks and discovered that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. […]

Pierluigi Paganini August 02, 2022

Gootkit AaaS malware is still active and uses updated tactics

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-a-as-a-service model, it is used by different groups to drop additional malicious payloads on the compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, […]

Pierluigi Paganini March 01, 2021

Gootkit delivery platform Gootloader used to deliver additional payloads

The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts from Sophos documented the evolution of the “Gootloader,” the framework used for delivering the Gootkit RAT banking Trojan. The framework was improved to deploy a wider range of malware, including ransomware payloads. “In recent years, almost […]

Pierluigi Paganini April 28, 2019

Signed Malspam campaigns hit Europeans with Multi-Stage JasperLoader

Experts observed several malspam campaigns using signed emails to deliver the GootKit banking Trojan (aka talalpek or Xswkit). Threat actors leverage a multi-stage malware loader tracked as JasperLoader in the malspam campaigns over the past few months. The JasperLoader was observed while distributing malware to targets from Central Europe, most of them in Italy and […]

Pierluigi Paganini June 10, 2017

Mouseover PowerPoint attack exploited to deliver the Gootkit Trojan

Experts at Trend Micro observed a spam campaign leveraging the PowerPoint ‘Mouseover’ attack to deliver the Gootkit banking Trojan. Earlier this week, the security expert Ruben Daniel Dodge published an interesting post on a new technique to deliver malware through PowerPoint files leveraging on mouseover events. Now experts at Trend Micro revealed details of a spam campaign they detected in […]

Gootkit

Gootkit Loader campaign targets Australian Healthcare Industry

Gootkit AaaS malware is still active and uses updated tactics

Gootkit delivery platform Gootloader used to deliver additional payloads

Signed Malspam campaigns hit Europeans with Multi-Stage JasperLoader

Mouseover PowerPoint attack exploited to deliver the Gootkit Trojan

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Russia-linked APT28 use Signal chats to target Ukraine official with malware

China-linked APT Salt Typhoon targets Canadian Telecom companies

U.S. warns of incoming cyber threats following Iran airstrikes

McLaren Health Care data breach impacted over 743,000 people

American steel giant Nucor confirms data breach in May attack

QUICK LINKS

Gootkit

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!