Gootloader malware is back with new tricks after 7-month break

The Gootloader malware loader has reemerged after a 7-month hiatus, primarily using SEO poisoning to promote fake legal document websites that distribute malware. This campaign involves sophisticated evasion techniques, malformed ZIP archives, and the deployment of backdoors like Supper SOCKS5 for network access. #Gootloader #SupperSOCKS5 #VanillaTempest

Key points

  • Gootloader is back after a 7-month break, using SEO poisoning to drive victims to malicious sites.
  • It promotes fake legal document templates that secretly deliver a JavaScript malware loader.
  • The campaign uses advanced techniques such as font glyph swapping to evade detection.
  • Malformed ZIP archives conceal malicious JavaScript files, complicating analysis.
  • Infected devices are targeted with the Supper SOCKS5 backdoor, facilitating remote access for further attacks.
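The "malformed ZIP archives" point is the one defenders can act on directly. The article summary does not say how Gootloader's archives are malformed, so the script below (an added example, not code from the article or from any vendor analysis) checks for one general class of inconsistency that breaks analysis tooling: the central directory and the local file headers disagreeing about a member's name, which lets two unzip implementations extract two different filenames from the same archive. It also flags script extensions commonly used by JavaScript loaders. The sample archives, the filenames and the `audit_zip` helper are all constructed for this example.

```python
import io
import struct
import zipfile
from typing import List, Optional, Tuple

LOCAL_SIG = b"PK\x03\x04"
LOCAL_HDR_LEN = 30  # fixed-size part of a ZIP local file header
# Extensions a loader dropped as a script would carry (assumed list for the example)
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".hta")


def read_local_name(data: bytes, offset: int) -> Optional[str]:
    """Return the filename recorded in the local file header at `offset`, or None if none is there."""
    if data[offset:offset + 4] != LOCAL_SIG:
        return None
    # Name length and extra-field length sit at offsets 26 and 28 of the local header
    name_len, _extra_len = struct.unpack_from("<HH", data, offset + 26)
    start = offset + LOCAL_HDR_LEN
    return bytes(data[start:start + name_len]).decode("utf-8", "replace")


def audit_zip(data: bytes) -> List[str]:
    """Compare each central-directory entry with its local header and flag script members."""
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # infolist() is built from the central directory only
            local_name = read_local_name(data, info.header_offset)
            if local_name is None:
                findings.append(f"missing local header for {info.filename!r}")
            elif local_name != info.filename:
                findings.append(
                    f"name mismatch: central={info.filename!r} local={local_name!r}"
                )
            if info.filename.lower().endswith(SCRIPT_EXTS):
                findings.append(f"script file in archive: {info.filename!r}")
    return findings


def build_samples() -> Tuple[bytes, bytes]:
    """Constructed test data: a clean archive and one whose local header name was overwritten."""

    def make(name: str, payload: bytes) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            zf.writestr(name, payload)
        return buf.getvalue()

    clean = make("contract_template.docx", b"constructed sample, not a real document")

    # Central directory says .js; overwrite the local header name with a same-length,
    # harmless-looking name so no offsets move and the archive still opens.
    tampered = bytearray(make("contract_template.js", b"// constructed placeholder, not malware"))
    off = 0  # the only member's local header starts at byte 0
    name_len, _ = struct.unpack_from("<HH", tampered, off + 26)
    alt = b"contract_template.md"
    assert len(alt) == name_len
    tampered[off + LOCAL_HDR_LEN:off + LOCAL_HDR_LEN + name_len] = alt
    return clean, bytes(tampered)


if __name__ == "__main__":
    clean_zip, tampered_zip = build_samples()
    print("clean:", audit_zip(clean_zip))
    print("tampered:", audit_zip(tampered_zip))
```

Run the file directly and the clean archive produces no findings while the tampered one reports both the name mismatch and the `.js` member. In a mail gateway or sandbox pre-filter, either finding is a reason to quarantine the archive rather than hand it to a single extractor whose view of the contents may differ from the user's.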

Read More: https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/