
GootLoader | Breaking Cybersecurity News | The Hacker News

New GootLoader Malware Variant Evades Detection and Spreads Rapidly

Nov 07, 2023 Endpoint Security / Malware
A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole Villadsen said. "This new variant is a lightweight but effective malware allowing attackers to rapidly spread throughout the network and deploy further payloads." GootLoader, as the name implies, is malware capable of downloading next-stage malware after luring potential victims using search engine optimization (SEO) poisoning tactics. It's linked to a threat actor tracked as Hive0127 (aka UNC2565). The use of GootBot points to a tactical shift, with the implant downloaded as a payload after a GootLoader infection in lieu of post-exploitation frameworks such
Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

Mar 01, 2023 Threat Intelligence / Malware
Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notably employs search engine optimization (SEO) poisoning to funnel victims searching for business-related documents toward drive-by download sites that drop the JavaScript malware. In the campaign detailed by cybersecurity company eSentire, the threat actors are said to have compromised legitimate, but vulnerable, WordPress websites and added new blog posts without the owners' knowledge. "When the computer user navigates to one of these malicious web pages and hits the link to download the purported business agreement, they are unknowingly downloading GootLoader," eSentire researcher Keegan Keplinger said
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Feb 09, 2024 Static Code Analysis
Introduction: The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. In practice, however, developers often face a large amount of security work without clear prioritization, and miss a significant portion of the attack surface altogether. The primary issue arises from the detection and prioritization methods that traditional Software Composition Analysis (SCA) tools use for vulnerabilities. These methods lack the organization-specific context needed to make an informed scoring decision: a score, even if critical, might not actually be critical for a given organization because its infrastructure works in a unique way, which changes the real impact the vulnerability could have. In other words, since these tools depend on a relatively naive methodol
GootLoader Hackers Targeting Employees of Law and Accounting Firms

Jan 13, 2022
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, infects the system with ransomware or other lethal malware," researchers from eSentire said in a report shared with The Hacker News. The cybersecurity services provider said it intercepted and dismantled intrusions aimed at three law firms and an accounting enterprise. The names of the victims were not disclosed. Malware can be delivered to targets' systems via many methods, including poisoned search results, fake updates, and trojanized applications downloaded from sites linking to pirated software. GootLoader resorts to the first technique. In March 2021, details em
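The March 2023 and January 2022 items above both describe the same delivery chain: a victim searching for a business document is steered by SEO poisoning to a compromised site, clicks a link for a "business agreement", and receives a JavaScript downloader instead. The following is an added example of the kind of triage check a defender can run on such downloads; it is not code from The Hacker News, eSentire or IBM X-Force. It assumes, beyond what the articles state, that the lure is packaged as a ZIP archive (possibly nested) and that the payload is a Windows script file carrying a document-themed name or a double extension. The sample archives are constructed inline.

```python
"""
Heuristic triage of a downloaded archive for the GootLoader-style lure
described in the listing: a purported business document that is really a
script. Added example, not the site's or any vendor's code. Assumptions not
stated on the page: ZIP packaging, Windows script payload, document-themed
file names. All sample archives below are constructed test data.
"""
import io
import os
import zipfile

# Script types that Windows will run via its script hosts when double-clicked.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cmd", ".bat", ".ps1"}
# Document extensions that a double-extension lure hides behind (assumed).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
# Words seen in business-document lures (assumed list, extend as needed).
LURE_WORDS = ("agreement", "contract", "invoice", "template", "form", "policy")
MAX_DEPTH = 3  # stop recursing into nested ZIPs beyond this depth


def _score_name(name: str) -> list[str]:
    """Return the reasons a single archive member name looks like a lure."""
    reasons = []
    base = os.path.basename(name.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext in SCRIPT_EXTS:
        reasons.append(f"script member {base}")
        inner_ext = os.path.splitext(root)[1].lower()
        if inner_ext in DOCUMENT_EXTS:
            reasons.append(f"double extension {inner_ext}{ext}")
        if any(w in root.lower() for w in LURE_WORDS):
            reasons.append("document-themed lure name")
    return reasons


def scan_archive(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Walk a ZIP blob, recursing into nested ZIPs, and collect lure indicators.

    Each finding is "<member path>: <reason>"; nested members are written as
    "outer.zip!/inner.js". A non-ZIP blob yields no findings.
    """
    findings: list[str] = []
    if depth > MAX_DEPTH:
        return [f"{prefix}: nesting deeper than {MAX_DEPTH}"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{prefix}{info.filename}"
            findings += [f"{member}: {r}" for r in _score_name(info.filename)]
            if info.filename.lower().endswith(".zip"):
                findings += scan_archive(zf.read(info), depth + 1, member + "!/")
    return findings


def is_suspicious(data: bytes) -> bool:
    """True when any member of the archive matches a lure indicator."""
    return bool(scan_archive(data))


def build_zip(members: dict[str, bytes]) -> bytes:
    """Construct an in-memory ZIP for the samples below (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a lure-like archive, the same lure nested one level
# deeper, and a benign archive. The script body is a harmless placeholder.
LURE_ZIP = build_zip({
    "Business_Agreement_Template.pdf.js": b"var a = 1; // placeholder, not malware",
})
NESTED_LURE_ZIP = build_zip({"agreement_12345.zip": LURE_ZIP})
BENIGN_ZIP = build_zip({"q3_report.pdf": b"%PDF-1.4 placeholder", "notes.txt": b"hello"})

if __name__ == "__main__":
    for label, blob in [("lure", LURE_ZIP), ("nested", NESTED_LURE_ZIP), ("benign", BENIGN_ZIP)]:
        print(label, scan_archive(blob) or "clean")
```

Name-based checks like this are a cheap first filter for a download gateway or a mail/web proxy, not a verdict: the same heuristic should be paired with endpoint telemetry for the script host that would execute the member, and the lure words and extension lists are assumptions to be tuned against what an organization actually receives.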