Gootkit malware creators expand their distribution platform - reseller.co.nz
The cybercriminal gang behind the Gootkit Trojan is expanding its malware distribution activities and is improving its multi-stage distribution platform to deliver additional threats. The loader now uses advanced techniques that include fileless execution, memory injection and components written in different programming languages.
Over the past several years, many Trojans have evolved into malware distribution platforms by entering partnerships with ransomware gangs or by developing their own ransomware. Some well-known relationships are TrickBot and Ryuk or Dridex and WastedLocker. Gootkit is no exception and followed a similar path.
Starting out as a Trojan focused on stealing online banking credentials, just like TrickBot and Dridex, Gootkit formed a partnership with the REvil ransomware. More recently, security researchers have seen the first stage of Gootkit, the so-called loader component, being used to distribute the Kronos Trojan and Cobalt