Gootkit malware returns to life alongside REvil ransomware

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,151
Content source
https://www.bleepingcomputer.com/news/security/gootkit-malware-returns-to-life-alongside-revil-ransomware/
After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany.
The Gootkit Trojan is Javascript-based malware that performs various malicious activities, including remote access for threat actors, keystroke capturing, video recording, email theft, password theft, and the ability to inject malicious scripts to steal online banking credentials.

Last week, a security researcher known as The Analyst told BleepingComputer that the Gootkit malware had emerged again in attacks targeting Germany.
In this new malicious campaign, threat actors are hacking WordPress sites and utilizing SEO poisoning to display fake forum posts to visitors. These posts pretend to be a question and answers with a link to fake forms or downloads. When the user clicks on the link, they will download a ZIP file containing an obfuscated JS file that will install either the Gootkit malware or the REvil ransomware.
Click to expand...
In a new report released today, Malwarebytes' researchers explain that the malicious JavaScript payloads will perform fileless attacks of either Gootkit or REvil.
When launched, the JavaScript script will connect to its command and control server and downloads another script that contains the malicious malware payload.
In Malwarebytes' analysis, this payload is usually Gootkit, but it was also REvil ransomware in some cases.
"After conversion to ASCII, the next JavaScript is revealed, and the code is executed. This JavaScript comes with an embedded PE payload which may be either a loader for Gootkit, or for the REvil ransomware. There are also some differences in the algorithm used to deobfuscate it," Malwarebytes stated in their report.
Click to expand...
www.bleepingcomputer.com

Gootkit malware returns to life alongside REvil ransomware

After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany.
www.bleepingcomputer.com www.bleepingcomputer.com
 
Last edited:
  • Like
  • +Reputation
Reactions: ForgottenSeer 89360, Andy Ful, SeriousHoax and 4 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Gootkit Malware Continues to Evolve with New Components and Obfuscations
Replies
1
Views
501
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike
Replies
0
Views
569
News Archive
silversurfer
silversurfer
vtqhtr413
    • Like
Security News Russia Announces Arrest of Medibank Hacker Tied to REvil
Replies
1
Views
1,400
Security News
Morro
Morro

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top