Gootkit previously concealed dangerous files using freeware installers and now, it is deceiving users to download these files by engineering them as lawful documents. Looking at a flag for a PowerShell script, researchers were able to stop it from doing any harm and from delivering its payload. This approach was discovered through managed extended detection and response (MxDR).
In order to compromise unwary users, the creators of the Gootkit access-as-a-service (AaaS) virus have reemerged. Gootkit has a history of disseminating threats including the SunCrypt ransomware, REvil (Sodinokibi) malware, Kronos trojans, and Cobalt Strike via fileless tactics.
The discoveries add to a prior report by eSentire, which stated in January that numerous attacks targeted the staff of accounting and law companies to propagate malware on compromised systems.
Gootkit is a tool of the rising underground ecosystem of access brokers, who are well-known for charging money to provide other hackers access to corporate networks, opening the door for real destructive operations like ransomware.
Upgraded Tactics
A search engine user initiates the attack chain by entering a specific query. A website infiltrated by Gootkit operators is displayed among the results using a black SEO method used by hackers.
The website is presented to the victim as an online forum that answers his question directly when they visit it. The mali
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: