Mar 3, 2021
Criminal operators have turned the infection method for “Gootkit” financial malware into a complex delivery platform for a wide range of malware, including ransomware.
Sophos researchers have named the delivery platform “Gootloader”.
Gootloader attackers reach their targets by hacking into legitimate websites and subtly altering the content. As a result, the websites can show different content to different visitors.
According to Sophos, the criminal operators manipulate search engine optimization (SEO) so that when someone types a question into a search engine such as Google, the hacked websites appear among the top results. What happens after users click on a link to a hacked website depends on the country they are in.
Threat actors are using a new infection method dubbed “Gootloader” to trick users looking for advice, leading them instead to bogus forums with links to download malware, the cybersecurity firm warns.