Loader
Gootkit
First seen: 2014-01 • Status: active
Currently Active Threat
Gootkit started as a banking virus but now delivers other malware. It tricks people through poisoned search results on Google.
Overview
Gootkit is a modular banking trojan that evolved into a malware loader. It uses SEO poisoning to distribute various payloads including ransomware.
Also Known As
Gootkit Loader
How It Spreads
- SEO poisoning
- Compromised websites
- Malicious documents
What It Does
- Banking credential theft
- Downloads additional malware
- Deploys ransomware
Target Platforms
Windows
Detection Tips
- Monitor for SEO poisoning
- Watch for Gootkit JavaScript
MITRE ATT&CK Techniques
T1189, T1105, T1555
If You're Infected
1. Full malware scan
2. Check banking accounts