Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware


In January and February 2023, two separate cyber campaigns distributing the malware strains GootLoader and FakeUpdates (also known as SocGholish) targeted six distinct legal firms. GootLoader, a first-stage downloader active since late 2020, is capable of delivering a variety of secondary payloads, including Cobalt Strike and ransomware.

Notably, it uses SEO poisoning to steer victims searching for business-related documents (such as contracts and agreements) to fly-by-night download sites that serve JavaScript malware. The eSentire disclosure is the most recent in a string of attacks that have breached targets using the Gootkit malware loader.
