The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims.
All about Gootkit:
The Gootkit Access-as-a-Service (AaaS) malware’s operators have reemerged with updated techniques to compromise unsuspecting victims. Gootkit previously used freeware installers to disguise malicious files. According to Trend Micro researchers, it now uses legal documents to trick users into downloading these files.
Gootkit is part of the proliferating underground ecosystem of access brokers, who are known to provide other malicious actors a pathway into corporate networks for a price, paving the way for actual damaging attacks such as ransomware.
The technique is to lure unsuspecting users into visiting compromised websites hosting malware-laced ZIP package files purportedly related to disclosure agreements for real estate transactions.
“Gootkit is still active and improving its techniques,” the researchers said. “This implies that this operation has proven effective, as other threat actors seem to continue using it.”