November 6, 2024 at 04:51PM Sophos reports that the Gootloader malware, known for SEO poisoning tactics, targets niche victims, including Australian Bengal cat enthusiasts. As an infostealer or malware dropper, it exploits search queries to deliver malicious payloads. The use of malvertising is rising, connecting cybercrime to ransomware operations, prompting action from cybersecurity agencies. ### … Read more
September 19, 2024 at 08:36AM Microsoft warns of the INC ransomware used by threat actor Vanilla Tempest to target US healthcare organizations. The attacker leverages Gootloader malware to expand network access, utilizing tools like AnyDesk, MEGA, RDP, and WMI Provider Host to execute the ransomware payload. They have been active for at least two years … Read more
July 5, 2024 at 05:56AM Cybereason reported that the GootLoader malware, linked to threat actor Hive0127, continues to evolve, with the latest version being GootLoader 3. It is distributed via SEO poisoning and serves as a conduit for delivering various payloads. The attackers have also unleashed their own command-and-control tool, expanding their market for financial … Read more
November 7, 2023 at 07:36AM GootBot is a new variant of the GootLoader malware that allows attackers to move laterally on compromised systems undetected. It is a lightweight but effective malware that spreads quickly and deploys further payloads. GootBot connects to compromised WordPress sites for command and control, making it difficult to block. As a … Read more