GootKit Malware Bypasses Windows Defender by Setting Path Exclusions

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148
Content source
https://www.bleepingcomputer.com/news/security/gootkit-malware-bypasses-windows-defender-by-setting-path-exclusions/
As Windows Defender matures and becomes tightly integrated into Windows 10, malware writers are creating techniques to evade its detection.
Such is the case with the GootKit banking Trojan, which use a UAC bypass and WMIC commands to exclude the malware executable from being scanned by Windows Defender Antivirus.

GootKit is a banking Trojan that attempts to steal the online banking credentials of infected users through video capture and redirects to fake banking sites under the attacker's control. An interesting aspect of this infection is that it is a Node JS application packaged into an executable.
Click to expand...
Read more below:
www.bleepingcomputer.com

GootKit Malware Bypasses Windows Defender by Setting Path Exclusions

As Windows Defender matures and becomes tightly integrated into Windows 10, malware writers are creating techniques to evade its detection. Such is the case with the GootKit banking Trojan, which use a UAC bypass and WMIC commands to exclude the malware executable from being scanned by Windows...
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: upnorth, Gandalf_The_Grey, brambedkar59 and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,118
This persistence method will not work with WD ASR rules enabled. Furthermore, it will not work when the execution of reg.exe (well known LOLBin) is blocked.
The bypass used by the malware is actually detected by WD, but without additional tests, it is unclear if the malware can be fully blocked/removed.
 
  • Like
Reactions: woodrowbone, Gandalf_The_Grey, silversurfer and 2 others
You must log in or register to reply here.

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus with Andy Ful WHHLight
Replies
38
Views
3,780
Video Reviews - Security and Privacy
LennyFox
L
upnorth
    • +Reputation
    • Like
    • Wow
Android Malware steals credentials using Optical Character Recognition
Replies
0
Views
960
News Archive
upnorth
upnorth
upnorth
    • Like
    • +Reputation
    • Thanks
Good News, URSNIF no longer a Banking Trojan. Bad News, it's now a Backdoor
Replies
0
Views
469
News Archive
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top