Andy Ful
SWH vs. GootLoader.

Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets.

https://malwaretips.com/threads/goo...employees-of-law-and-accounting-firms.111933/
https://thehackernews.com/2022/01/gootloader-hackers-targeting-employees.html

Malware analysis (from previous campaign):
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
"GootLoader relies heavily on social engineering to establish its foothold, from poisoning Google search results to fashioning the payload," said Keegan Keplinger, research and reporting lead for eSentire's Threat Response Unit (TRU).

"GootLoader's operators invite employees to seek, download, and execute their malware under the guise of a free business agreement template. This is particularly effective against legal firms, who may encounter uncommon requests from clients."

This attack vector can also be used against home users via widespread spam campaigns. The user gets an email with a direct link to something interesting. In fact, it is a direct link to the malicious script.
SWH can block such malware via scripting restrictions.
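The scripting restrictions mentioned in the post, shown as an added example that is not SWH's own code and not part of the original post: a PowerShell script that applies the two restrictions Windows offers for this case (switching Windows Script Host off, and re-pointing the .js/.jse/.vbs/.vbe/.wsf/.wsh file types to Notepad) and a check that reports their state. The registry paths are the documented Windows Script Host switch and the default file-type handlers; the function names, the `$ScriptProgIds` list and the Notepad handler string are this example's own choices. It assumes an elevated PowerShell on Windows 10/11.

```powershell
# Added example, not SWH's own code and not from the original post: the two scripting
# restrictions that stop a downloaded GootLoader-style .js/.vbs/.wsf file from executing on
# double-click, plus a check that reports the current state.
# Assumptions: run from an elevated PowerShell on Windows 10/11; the registry paths are the
# documented Windows Script Host switch and the default file-type handlers.

$WshSettingsKey = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
$NotepadHandler = '"%SystemRoot%\System32\notepad.exe" "%1"'
# ProgIDs that Windows maps to wscript.exe by default (.js .jse .vbs .vbe .wsf .wsh).
$ScriptProgIds  = @('JSFile', 'JSEFile', 'VBSFile', 'VBEFile', 'WSFFile', 'WSHFile')

function Disable-WindowsScriptHost {
    # Enabled=0 makes wscript.exe and cscript.exe refuse every script with a
    # "Windows Script Host access is disabled on this machine" dialog, whatever the extension.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($WshSettingsKey, 'Set Enabled = 0')) {
        New-Item -Path $WshSettingsKey -Force | Out-Null
        Set-ItemProperty -Path $WshSettingsKey -Name 'Enabled' -Value 0 -Type DWord
    }
}

function Set-ScriptFilesToNotepad {
    # Re-point the shell "open" verb of each script type to Notepad: a double-click in Explorer
    # then shows the (usually obfuscated) source instead of running it.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($progId in $ScriptProgIds) {
        $cmdKey = "HKLM:\SOFTWARE\Classes\$progId\Shell\Open\Command"
        if (-not (Test-Path $cmdKey)) { continue }   # type not registered on this build
        if ($PSCmdlet.ShouldProcess($cmdKey, "Set handler to $NotepadHandler")) {
            Set-ItemProperty -Path $cmdKey -Name '(default)' -Value $NotepadHandler -Type ExpandString
        }
    }
}

function Test-ScriptRestriction {
    # Report the state of both restrictions. Re-run after Windows feature updates,
    # which can re-register the script file types.
    $wsh = Get-ItemProperty -Path $WshSettingsKey -Name 'Enabled' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'Windows Script Host disabled'
        Status = ($null -ne $wsh -and $wsh.Enabled -eq 0)
    }
    foreach ($progId in $ScriptProgIds) {
        $cmdKey = "HKLM:\SOFTWARE\Classes\$progId\Shell\Open\Command"
        $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            Check  = "$progId opens in Notepad"
            Status = ($cmd -match 'notepad\.exe')
        }
    }
}

# Usage (elevated): preview with -WhatIf, apply, then verify.
Disable-WindowsScriptHost -WhatIf
Set-ScriptFilesToNotepad  -WhatIf
Disable-WindowsScriptHost
Set-ScriptFilesToNotepad
Test-ScriptRestriction | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. The handler change in HKLM can be overridden per user (HKCU\Software\Classes and Explorer's "Open with" UserChoice entries), which is why the example also switches WSH off at the machine level: with Enabled=0, wscript.exe refuses the script even if the user finds another way to hand it the file. And neither setting does anything for payloads that run through other hosts (PowerShell, mshta.exe, rundll32.exe); they only close the door the post describes, a downloaded .js that the victim double-clicks.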