Malware News New GootLoader Malware Variant Evades Detection and Spreads Rapidly

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,178
Content source
https://thehackernews.com/2023/11/new-gootloader-malware-variant-evades.html
A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection.

"The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole Villadsen said. "This new variant is a lightweight but effective malware allowing attackers to rapidly spread throughout the network and deploy further payloads."
Click to expand...
"Currently observed campaigns leverage SEO-poisoned searches for themes such as contracts, legal forms, or other business-related documents, directing victims to compromised sites designed to look like legitimate forums where they are tricked into downloading the initial payload as an archive file," the researchers said.

The archive file incorporates an obfuscated JavaScript file, which, upon execution, fetches another JavaScript file that's triggered via a scheduled task to achieve persistence.
In the second stage, JavaScript is engineered to run a PowerShell script for gathering system information and exfiltrating it to a remote server, which, in turn, responds with a PowerShell script that's run in an infinite loop and grants the threat actor to distribute various payloads.
Click to expand...
 
  • Like
  • +Reputation
Reactions: upnorth, Nevi, Trident and 3 others

Similar threads

silversurfer
    • +Reputation
    • Like
Malware News New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
Replies
0
Views
1,128
Security News
silversurfer
silversurfer
Bot
    • Like
Security News New BunnyLoader Malware Variant Surfaces with Modular Attack Features
Replies
0
Views
836
Security News
Bot
Bot
silversurfer
    • Like
    • +Reputation
Malware News DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software
Replies
5
Views
1,876
Security News
Keyang556
Keyang556

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top