Cybereason, the XDR company, has issued a global threat alert advisory warning organisations about a rise in global GootLoader infections. Victim organisations have been located primarily in the US, UK and Australia. Previously reported attacks using the malware have been linked to UNC2565.
During an investigation which began in December 2022, Cybereason’s incident responders discovered SEO Poisoning techniques being used to spread the GootLoader malware in victims’ environments. Using SEO Poisoning, threat actors optimise fraudulent websites to appear higher in search engine results. In the past, victims have tended to click on links to websites that appear high in search engine results. In addition, malware operators have been abusing Google Ads to distribute their malicious payloads.