Latest Breaking News On - ஜன்னல்கள் ஸ்கிரிப்டிங் தொகுப்பாளர் - Page 1 : comparemela.com
Is an Attacker Living Off Your Land?
darkreading.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from darkreading.com Daily Mail and Mail on Sunday newspapers.
Gootkit malware creators expand their distribution platform
reseller.co.nz - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from reseller.co.nz Daily Mail and Mail on Sunday newspapers.
Solarseven / Getty Images
The cybercriminal gang behind the Gootkit Trojan is expanding its malware distribution activities and is improving its multi-stage distribution platform to deliver additional threats. The loader now uses advanced techniques that include fileless execution, memory injection and components written in different programming languages.
Over the past several years many Trojans evolved into malware distribution platforms by entering partnerships with ransomware gangs or by developing their own ransomware. Some well-known relationships are TrickBot and Ryuk or Dridex and WastedLocker. Gootkit is no exception and followed a similar path.
Starting out as a Trojan focused on stealing online banking credentials, just like TrickBot and Dridex, Gootkit formed a partnership with the REvil ransomware. More recently, security researchers have seen the first stage of Gootkit the so-called loader component being used to distribute the Kronos Trojan and Cobalt
Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.
The Gootloader malware loader, previously used for distributing the Gootkit malware family, has undergone what researchers call a “renaissance” when it comes to payload delivery.
New research released this week paints Gootloader as an increasingly sophisticated loader framework, which has now expanded the number of payloads its delivers beyond Gootkit (and in some cases, the previously-distributed REvil ransomware), to include the Kronos trojan and the Cobalt Strike commodity malware.
Gootloader is known for its multi-stage attack process, obfuscation tactics, and for using a known tactic for malware delivery called search engine optimization (SEO) poisoning. This technique leverages SEO-friendly terms in attacker-controlled websites, in order to rank them higher in Google’s search index. In the end, the method brings more eyeballs to the malicious sites, w