Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

In January and February 2023, two separate cyber campaigns that distributed the malware strains GootLoader and FakeUpdates (also known as SocGholish) targeted six distinct legal firms. GootLoader, a first-stage downloader active since late 2020, is capable of distributing a variety of secondary payloads, including Cobalt Strike and ransomware.

Notably, it uses SEO poisoning to direct victims looking for business-related papers to fly-by-night download sites that have JavaScript malware. The eSentire disclosure is the most recent in a string of attacks that have breached targets using the Gootkit malware loader.

Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

01-Mar-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address