The Gootkit Information Stealer

March 4, 2021

Ignore the adorable tree baby. This isn’t about Groot. It’s about Gootkit, a particularly nasty information stealer that’s currently being distributed to people via hacked WordPress sites and malicious SEO techniques.

Gootkit, or Gootloader, has been around for a while, since at least 2019. The bad actors have set up a system that’s really pretty…smart? I hate saying that, but I say it as a marketing guy who understands the buyer’s journey and how people use the internet, specifically Google, to find what they’re looking for.

So, basically, as I’m sure you know, when you’re going online to find an answer to a question you have, you’re probably using something called a “phrase-based” search. You ask Google a question. It tries to serve up the best answer. You scan your results and click the best match. Yadda, yadda, yadda, you get it.

The people behind Gootkit get this. So they’ve set up a slew of blank forums on compromised WordPress sites that leverage SEO. Each one shows an authoritative-looking entry from what appears to be a system administrator or a trusted poster, and that entry contains a masked yet malicious link. Click it, and you’re off to the races.

After clicking the link, you’ll download a ZIP archive. The archive contains a JavaScript file that begins the infection process. The JavaScript itself is written to the actual disk. The ransomware is deployed to system memory, making it much more difficult to detect.
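A defender-side triage check for the delivery step described above, as an added example that is not from the original post or from the Sophos write-up: it flags a downloaded ZIP whose contents are scripts that Windows runs on double-click. The extension list beyond `.js`, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows hands to Windows Script Host on double-click.
# The post only mentions JavaScript; the rest are an added generalization.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}


def triage(zip_bytes):
    """Return (verdict, script_names) for the bytes of a downloaded archive.

    verdict is 'invalid', 'no-script', 'contains-script' or 'script-only'.
    'script-only' matches the delivery described above: a ZIP whose only
    payload is a script file.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            files = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return ("invalid", [])
    scripts = [f for f in files
               if os.path.splitext(f)[1].lower() in SCRIPT_EXTS]
    if not scripts:
        return ("no-script", [])
    verdict = "script-only" if len(scripts) == len(files) else "contains-script"
    return (verdict, scripts)


def make_zip(members):
    """Build an in-memory ZIP from {name: content} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; the file names are made up and the content is inert.
    samples = {
        "lure.zip": make_zip({"lease_agreement_template.js": "// placeholder"}),
        "mixed.zip": make_zip({"docs/readme.txt": "hi", "tools/build.JS": "//"}),
        "plain.zip": make_zip({"report.pdf": "%PDF-1.4", "notes.txt": "x"}),
    }
    for name, blob in samples.items():
        print(name, triage(blob))
```

A `script-only` verdict on an archive that came from a web download is a reason to quarantine the file for review before anyone opens it.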

The actors are specifically targeting people in the U.S., Germany and South Korea.

The story is still developing, so information is still coming out. Sophos has done a really nice write-up on the more technical details (which you can read here).

Carl Keyser is a Digital Marketing Specialist at Integris.
