
The Cyber Security News


Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

March 1, 2023

Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains.

GootLoader, active since late 2020, is a first-stage downloader that is capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware.

It notably employs search engine optimization (SEO) poisoning to funnel victims searching for business-related documents toward drive-by download sites that drop the JavaScript malware.

In the campaign detailed by cybersecurity company eSentire, the threat actors are said to have compromised legitimate, but vulnerable, WordPress websites and added new blog posts without the owners' knowledge.

“When the laptop or computer person navigates to one particular of these destructive web pages and hits the hyperlink to download the purported company agreement, they are unknowingly downloading GootLoader,” eSentire researcher Keegan Keplinger said in January 2022.

The disclosure from eSentire is the latest in a wave of attacks that have used the Gootkit malware loader to breach targets.

GootLoader is far from the only JavaScript malware targeting business professionals and law firm employees. A separate set of attacks has also entailed the use of SocGholish, which is a downloader capable of dropping more executables.

The infection chain is further notable for taking advantage of a website frequented by legal firms as a watering hole to distribute the malware.

Another standout aspect of the twin intrusion sets is the absence of ransomware deployment, instead favoring hands-on activity, suggesting that the attacks could have diversified in scope to include espionage operations.

“Prior to 2021, email was the main infection vector utilised by opportunistic threat actors,” Keplinger said. “From 2021 to 2023, browser-primarily based attacks […] have steadily been growing to contend with email as the main infection vector.”

“This has been largely thanks to GootLoader, SocGholish, SolarMarker, and the latest strategies leveraging Google Ads to float prime lookup effects.”

Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.